Notice of security breach on Ubuntu Forums
"There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologise for the breach and ensuing inconvenience."
What we’ve done Cleanup
Via OMGUbuntu
"There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologise for the breach and ensuing inconvenience."
What we’ve done Cleanup
- We backed up the servers running vBulletin, and then wiped them clean and rebuilt them from the ground up.
- We brought vBulletin up to the latest patch level.
- We reset all system and database passwords.
- We’ve installed ModSecurity, a Web Application Firewall, to help prevent similar attacks in the future.
- We’ve improved our monitoring of vBulletin to ensure that security patches are applied promptly.
Via OMGUbuntu
