Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: openSUSE forums defaced, user emails leaked

  1. #1
    Join Date
    Jul 2013
    Location
    Princeton area, NJ
    Beans
    80
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    openSUSE forums defaced, user emails leaked

    As reported by openSUSE on its site:

    As hackernews.com noted, the public openSUSE forums have been compromised and defaced. A cracker managed to exploit a vulnerability in the forum software which made it possible to upload files and gave access to the forum database. Passwords: Safe! Emails: Not so much :-/

    Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password.
    However, some user data is stored in the local database for convenience, in the case of the forum the user email addresses. Those the hackers had access too and we’re very sorry for this data leak!
    And now?

    As the exploit is in the forum software we use and there are no known fixes or workarounds we have decided to take the forums offline for now, until we have found a solution. Stay tuned for updates here, on twitter, facebook or g+.

  2. #2
    Join Date
    Jul 2008
    Beans
    2,887

    Re: openSUSE forums defaced, user emails leaked

    Now I know why I'm getting 21 spam emails in 9 hrs. I kind of put 2 and 2 together after noticing the forums were off line.

  3. #3
    Join Date
    Aug 2013
    Beans
    22
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: openSUSE forums defaced, user emails leaked



    OpenSUSE was my first positive experience with Linux. Too bad the forum got hacked. No software with a connection to a network is invulnerable, I guess.

  4. #4
    Join Date
    Dec 2008
    Beans
    221
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: openSUSE forums defaced, user emails leaked

    My e-mail address that I have tied to an openSUSE forums account wont let me login... Haven't used it in well over a year so it could have been caused by any number of things (potentially even the UF hack that happened a while back?). I'm getting the following message when I try to login:

    We've detected unusual activity. For your protection, we've disabled your account.
    I pretty much just logged onto UF to see if accounts tied to that e-mail still work, and it seems they do... But I mean, I can't access the e-mail account so that's not really too helpful. At least I'm pretty sure it held nothing of any real importance, just a bunch of old blog and forum accounts, my UF account, launch pad account, bunch of linux forums... No big deal, but kind of annoying now that I know about it.

  5. #5
    Join Date
    Nov 2009
    Beans
    Hidden!
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: openSUSE forums defaced, user emails leaked

    well that's not good. time to get ready for some spam then.
    Easy to understand Ubuntu manual with lots of pics: http://ubuntu-manual.org/
    Do i need antivirus/firewall in linux?
    User friendly disk backup: Redobackup

  6. #6
    Join Date
    Jun 2006
    Location
    UK
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: openSUSE forums defaced, user emails leaked

    Quote Originally Posted by RichardLinx View Post
    I pretty much just logged onto UF to see if accounts tied to that e-mail still work, and it seems they do... But I mean, I can't access the e-mail account so that's not really too helpful. At least I'm pretty sure it held nothing of any real importance, just a bunch of old blog and forum accounts, my UF account, launch pad account, bunch of linux forums... No big deal, but kind of annoying now that I know about it.
    The following is OT to this thread, but I'll post it anyway because it might be helpful to both yourself and others in your position with a possibly compromised email account registered to their forum account.

    Bottom line - it won't affect your Ubuntuforums activity except for forum email notifications. And, as you have found, it doesn't affect your ability to log into UF from Ubuntu One SSO, but you might find it useful to change your Ubuntu One preferred email and your forum email. Just to remind everyone - once your Ubuntu One and ubuntuforums accounts are linked, you can change the email in either or both and they don't have to match. Email match between Ubuntu One and the forum is only necessary for the initial login association of the two accounts.
    Ubuntu 16.04 Desktop Guide - Ubuntu 14.04 Desktop Guide - Forum Guide to BBCode - IRC #ubuntuforums

    Member: Not Canonical Team

    Please do not PM me about your forum account unless you have been asked to. The correct place to contact an admin about your account is here.

  7. #7
    Join Date
    Dec 2008
    Beans
    221
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: openSUSE forums defaced, user emails leaked

    Quote Originally Posted by coffeecat View Post
    The following is OT to this thread, but I'll post it anyway because it might be helpful to both yourself and others in your position with a possibly compromised email account registered to their forum account.

    Bottom line - it won't affect your Ubuntuforums activity except for forum email notifications. And, as you have found, it doesn't affect your ability to log into UF from Ubuntu One SSO, but you might find it useful to change your Ubuntu One preferred email and your forum email. Just to remind everyone - once your Ubuntu One and ubuntuforums accounts are linked, you can change the email in either or both and they don't have to match. Email match between Ubuntu One and the forum is only necessary for the initial login association of the two accounts.
    Thanks for the heads up.

  8. #8
    Join Date
    Oct 2005
    Location
    Connecticut, USA
    Beans
    1,571
    Distro
    Ubuntu 15.10 Wily Werewolf

    Re: openSUSE forums defaced, user emails leaked

    Well, this sucks.

    I just cleared out my spam folder in preparation to see if there is an increase or not to what shows up there.
    Friends don't let friends wear a red shirt on landing-party duty.
    DACS | Connecticut LoCo Team | My Blog
    Ubuntu User# : 17583, Linux User# : 477531

  9. #9
    Join Date
    Jul 2013
    Location
    Princeton area, NJ
    Beans
    80
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: openSUSE forums defaced, user emails leaked

    Hello @dragonbite - I am also an openSUSE refugee - first as RichardET, now as BSDuser. I can't decide which distribution I prefer - Ubuntu or openSUSE, so I use both as my mood strikes me, but I prefer the ease of adding software in Ubuntu over openSUSE, but I also like Yast, so that is a plus on the openSUSE side, thus can't decide.

  10. #10
    Join Date
    Jul 2008
    Beans
    2,887

    Re: openSUSE forums defaced, user emails leaked

    In the last 5 1/2 hrs I have only received 3 spam emails. A lot better than late yesterday.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •