VBulletin flaw exploited in breach of Ubuntu Forums

July 18, 2016

A known SQL injection vulnerability affecting vBulletin software was exploited by an attacker to breach the Ubuntu Forums database. The attacker accessed the user table, containing usernames, email addresses, Internet Protocol addresses, and the hashed and salted strings used for Ubuntu Single Sign On logins of 2 million users.

“The attacker had the ability to inject certain formatted SQL to the Forums database on the Forums database servers," Canonical Ltd. CEO Jane Silber wrote in a company blog post. "This gave them the ability to read from any table but we believe they only ever read from the ‘user' table.”

Canonical, the software vendor that powers the Ubuntu project, has since patched the vBulletin flaw and reset all system and database passwords. The software company also backed up is servers running vBulletin, then wiped clean and rebuilt the servers.

In November, vBulletin reset all user passwords after a breach compromised personally identifiable information of almost 480,000 subscribers.

VBulletin flaw exploited in breach of Ubuntu Forums

Related

Prepping for Security Incidents, Automated Validation & No-Code Automation Revolution – Amitai Ratzon, Jon Check, Thomas Kinsella – ESW #319

Why are 1.8M Apria patients just now being notified of a 2021 data breach?

Data breach confirmed by Luxottica after leak of over 70M customers’ records

Related Events

Stemming the rising tide of fraud with machine learning and AI

Part 2: Detection & Response Demo: Patrolling Every Packet & Process for Signs of Compromise

Part 1: The Telltale Signs of a Network Compromise: A Stage-by-Stage Attack Chronology

Get daily email updates