1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Flaw in vBulletin add-on leads to Ubuntu Forums database breach

Discussion in 'CSO' started by RSS, Jul 18, 2016.

  1. RSS

    RSS New Member Member

    Ubuntu support forums users should be on the lookout for dodgy emails after the website's database of 2 million email addresses was stolen.

    Canonical announced the security breach on Friday after being notified that someone was claiming to have a copy of the UbuntuForums.org database. An investigation revealed that an attacker did get access to the website's user records through a vulnerability.

    The exploited SQL injection flaw was located in the Forum Runner add-on for vBulletin, commercial web forum software that powers over 100,000 community websites on the Internet and is especially popular with companies. The vulnerability was known, but the Canonical IS team had failed to apply the patch for it in a timely manner.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page