18 replies to this topic

[iownall555]

Apparently the Ubuntu Forums were hacked and defaced today/yesterday and tons of usernames, emails and passwords were stolen from their database.
According to the website it hasn't affected any of the other Ubuntu services (such as Ubuntu One). Probably a good idea to change any shared passwords.
Thoughts on this?

http://ubuntuforums.org/announce.html
http://ubuntu-discou...ust-defaced/603

[nutcase84]

iownall555, on 21 July 2013 - 05:57 AM, said:

Thoughts on this?

Good thing I didn't make a Ubuntu Forums account.

[Dlcruz129]

It was @Sputn1k_. He hacked the Yogscast and is targeting Cube World.

[Thib0704]

wow good thing i didn't register on ubuntu forums.

[iownall555]

Dlcruz129, on 21 July 2013 - 03:53 PM, said:

It was @Sputn1k_. He hacked the Yogscast and is targeting Cube World.

Really? When abouts did he hack the Yogscast?

This bloke must think he's top s t defacing websites. I wouldn't be surprised if he's a script kiddie from a certain "hacker" forum (which I won't mention the name of).

[Engineer]

iownall555, on 22 July 2013 - 02:04 AM, said:

I wouldn't be surprised if he's a script kiddie from a certain "hacker" forum (which I won't mention the name of).

What in earths name does his forum title due to this? I mean, I can be a professional coder and come on here and have 1 post. It isnt about the ******* title

[Tiin57]

Engineer, on 22 July 2013 - 06:11 AM, said:

iownall555, on 22 July 2013 - 02:04 AM, said:

I wouldn't be surprised if he's a script kiddie from a certain "hacker" forum (which I won't mention the name of).

What in earths name does his forum title due to this? I mean, I can be a professional coder and come on here and have 1 post. It isnt about the ******* title

No one mentioned a title.

[GravityScore]

tiin57, on 22 July 2013 - 06:16 AM, said:

No one mentioned a title.

iownall555, on 22 July 2013 - 02:04 AM, said:

I wouldn't be surprised if he's a script kiddie from a certain "hacker" forum (which I won't mention the name of).

iownall was implying script kiddies are dickheads who go around and hack forums. Engineer was saying that you shouldn't generalise people of a certain forum title like that, and that people can be excellent coders and that their forum title has nothing to do with anything, which I agree with, but not as passionately

[Tiin57]

Again, it's not about the title. The term "script kiddie" basically means someone who is copying and pasting code from a forum or wiki. iownall isn't referring to the title for members on this forum; he's referring to the more common definition.

[GravityScore]

tiin57, on 22 July 2013 - 08:28 AM, said:

Again, it's not about the title. The term "script kiddie" basically means someone who is copying and pasting code from a forum or wiki. iownall isn't referring to the title for members on this forum; he's referring to the more common definition.

Oh, TIL Thanks, didn't know that.

[Pharap]

It's always amusing when forums get hacked.

[Dlcruz129]

Pharap, on 22 July 2013 - 09:59 AM, said:

It's always amusing when forums get hacked.

It was pretty amusing when he hacked the Yogscast. It was just a banner and some annoying music. But this? Stealing usernames and passwords? I don't know about you, but I use the same password for almost everything (excluding important stuff like bank accounts, etc). He could easily get into people's email accounts, etc. I'm sorry, but I don't find that amusing.

[Dlcruz129]

Sputn1k is now targetting YoYo Games, creators of Gamemaker.

Quote

Let's see how long it takes @YoYoGamemaker to notice. ~

[Pharap]

Dlcruz129, on 22 July 2013 - 10:29 AM, said:

Pharap, on 22 July 2013 - 09:59 AM, said:

It's always amusing when forums get hacked.

It was pretty amusing when he hacked the Yogscast. It was just a banner and some annoying music. But this? Stealing usernames and passwords? I don't know about you, but I use the same password for almost everything (excluding important stuff like bank accounts, etc). He could easily get into people's email accounts, etc. I'm sorry, but I don't find that amusing.

Well firstly, now people know they will have chance to go around changing their passwords before he can get at them.
Secondly with the sheer number of people using the forums it would take a long time to get through them all, and they aren't all going to be signed up to the same sites, so each one will take a bit of searching to find. Generally most people who know about it are safe if they act upon it, it's only the people he's already managed to target and the people who don't know who are in trouble. Aside from which, like you said, most sensible people don't use the same passwords they use for forums for important things like bank accounts and the like, so overall he's likely only going to be able to cause general mischief and trolling, nothing serious. So all in all, yes it's bad, but it could be worse. If anything it's going to cause as much good as bad, because it will make the forums more safety-concious so they'll improve security and thus they'll be less likely to be hacked.

(And out of interest, I have at least 10 different passwords, and their frequency of use generally correspond to how much I care about loosing a particular account. Someone finding out the most used one would cause issues, but I have the advantage of knowing which accounts use what passwords and variations, so if someone stole it, I'd at least be able to salvage the majority. )

[Cranium]

Hacking for a prank is one thing. Hacking for malicious intent or personal gain is another.

That said, good thing I don't use Linux, so I have no reason to have an account there.

[PixelToast]

shame on you
i had 2 accounts that i never used on those forums

[D3matt]

Whether you believe it or not, he did release a tweet saying he has no intention to use the copied data, making it a "prank/lesson-learned" hack if he's truthful.
http://www.twitlonge.../show/n_1rlft0d

[iownall555]

Engineer, on 22 July 2013 - 06:11 AM, said:

iownall555, on 22 July 2013 - 02:04 AM, said:

I wouldn't be surprised if he's a script kiddie from a certain "hacker" forum (which I won't mention the name of).

What in earths name does his forum title due to this? I mean, I can be a professional coder and come on here and have 1 post. It isnt about the ******* title

As a few people have pointed out, I wasn't blaming anyone on this forums for it, nor was I saying it was to do with user title. I was simply pointing out that it could have been someone from a well known hacker forum.

D3matt, on 22 July 2013 - 02:18 PM, said:

Whether you believe it or not, he did release a tweet saying he has no intention to use the copied data, making it a "prank/lesson-learned" hack if he's truthful.
http://www.twitlonge.../show/n_1rlft0d

Whatever his intention, I still think he's a bit of a douche for doing it.

Also, why does vBulletin store passwords as md5s? Aren't most forums using SHA-1 (or some stronger varient) nowadays?

[Cloudy]

Don't give these dudes any attention. That's what they want. Locked.