Ubuntu Forums Get Breached, 2 Million Users/Emails/IPs

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    so, name and email - could be used for gathering further information and correlating more user info across various sites - that in turn can lead to potential password resets of accounts.

    I wonder if it is time to use email address randomisation as well as a password utility



    • #12
      Originally posted by boxie
      so, name and email - could be used for gathering further information and correlating more user info across various sites - that in turn can lead to potential password resets of accounts.

      I wonder if it is time to use email address randomisation as well as a password utility
      That's actually what I've been doing for a while now... though it began more as an anti-spam measure. (I give each site an e-mail alias which can be revoked like an API key if it leaks and, because they're all unique, I can tell exactly who got compromised.)



      • #13
        I still haven't changed my password from last time...



        • #14
          vBulletin...



          • #15
            Sounds pretty bad on the surface, but if they're not lying about the passwords and were able to protect them by keeping them in a separate table and/or hashed with salts (pure hashes have been unsafe for years thanks to rainbow tables and GPU crackers) then it's not that big of a deal.
            "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."



            • #16
              They use proprietary forum software instead of free open source forum software.

              Then they get hacked. They should use free open source software and keep it updated.



              • #17
                I for one am running into alias limitations in Google Apps. Right now, I have 30 email aliases that do not have a plus. None of my aliases get spam except "gp" and I tend to delete it by the end of the year. If I try to add another alias, I get "this user already has the maximum number of aliases" and I'm stuck with that limit.

                I do NOT want spammers to figure out that they can take out the plus with the alias and figure out that I have a real email address. In Postfix in Zarafa server, I could specify a lot of aliases in /etc/aliases but I don't know what's the hard limit before I switch over to Google Apps for Work as my personal Google Apps account. I'm sure there are a lot of enthusiasts who have a personal domain name like I do.

                Well anyway, I have not been using Ubuntu Forums for a long time now. I am running Arch Linux and Ubuntu Server and have not had any problems at all.

                Update: I found an answer: https://productforums.google.com/for...ps/RHTzuOzlSPA

                It's ten times the number of user accounts, so that makes it three users, which does not make sense. I use aliases as an anti-spam measure and I do not want to switch away from Google Apps for Work as I like to keep things centralized and I have already invested in the Google ecosystem.
                Last edited by GraysonPeddie; 15 July 2016, 03:54 PM.
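
The per-site alias idea from #12 (revocable like an API key, unique so a leak identifies its source) and the concern in #17 about aliases that can be stripped back to the real address, as an added example that is not part of the thread. The domain, secret, tag length and all function names are assumptions; each alias carries an HMAC tag, so there is no plus sign to remove and guessed aliases fail verification.

```python
import hashlib
import hmac
import re

# Assumed values for the demonstration, none of them from the thread.
DOMAIN = "example.org"               # a personal domain with catch-all delivery
SECRET = b"constructed-demo-secret"  # known only to the mailbox owner
TAG_LEN = 8                          # hex characters of the HMAC kept in the alias


def label_for(site: str) -> str:
    """Reduce a site name to a dot-free label, e.g. 'Forum.Example' -> 'forumexample'."""
    return re.sub(r"[^a-z0-9]", "", site.lower())


def tag_for(label: str) -> str:
    """Keyed tag that only the holder of SECRET can compute for a label."""
    return hmac.new(SECRET, label.encode(), hashlib.sha256).hexdigest()[:TAG_LEN]


def alias_for(site: str) -> str:
    """Address to hand to one site: '<label>.<tag>@DOMAIN', with no '+' to strip."""
    label = label_for(site)
    return f"{label}.{tag_for(label)}@{DOMAIN}"


def source_of(address: str):
    """Return the label an address was issued under, or None if it was never issued."""
    local, _, domain = address.lower().partition("@")
    label, _, tag = local.rpartition(".")
    if domain != DOMAIN or not label:
        return None
    if not hmac.compare_digest(tag.encode(), tag_for(label).encode()):
        return None
    return label


class AliasBook:
    """Tracks revoked aliases; everything else is checked statelessly via the HMAC."""

    def __init__(self):
        self.revoked = set()

    def revoke(self, site: str) -> None:
        self.revoked.add(label_for(site))

    def accepts(self, address: str) -> bool:
        label = source_of(address)
        return label is not None and label not in self.revoked
```

A mail filter would call `accepts()` on the recipient address, and `source_of()` on an address found in a dump gives the label of the site it was issued to.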



                • #18
                  Originally posted by nomadewolf
                  I wonder how hard it was penetrated...
                  You've been wondering all alone, I presume, Mr "Nomad".



                  • #19
                    Originally posted by uid313
                    They use proprietary forum software instead of free open source forum software.

                    Then they get hacked. They should use free open source software and keep it updated.
                    Considering the volume of forum members they have, I bet there would be a greater chance of getting security issues fixed. At least if it was open source the forum members themselves would feel a sense of responsibility to fix it. But who is responsible in this case?



                    • #20
                      Originally posted by Scellow
                      That's what happens when you only distribute outdated packages, and release LTS OS

                      Ubuntu, it's time to change
                      In that case Red Hat, Debian and CentOS users who run even older packages are doomed.
