cubalo

At 20:11UTC, a defacement of the Ubuntu Forums was reported to Canonical and at 20:15UTC the site was taken down and replaced with a splash page. According to the official Canonical statement, the attack method used in the breach is still unknown. The statement also states:

• We have confirmed the attackers were able to access all user email addresses and hashed passwords on the Forums site. While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them. If users used the same password on other services they should immediately change that password.

• We believe the issue is limited to the Ubuntu Forums and no other Ubuntu or Canonical site or service is affected.

• We have begun the process of notifying by email all users whose details have been compromised.

If you are affected by this breach, now would be the time to update your passwords of other services, especially if you duplicate passwords. I will update this post as more information becomes available.