Sign in with
Sign up | Sign in

Hacking Spree Continues: Apple's Dev Site, Ubuntu Forums Hit

By - Source: Canonical | B 12 comments

Two more hacking reports surfaced over the weekend.

Two hacking reports surfaced over the weekend, and follows a string of hacks that have taken place across a number of websites over the past month. Apple acknowledged on Sunday that its developer site was down due to a hacking attempt on Thursday. Meanwhile Canonical's Jane Silber announced that the Ubuntu forums had been breached, allowing hackers to gain access to email addresses and hashed passwords.

"While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them," she said. "If users used the same password on other services they should immediately change that password."

Silber said that the issue is likely limited to the Ubuntu Forums -- no other Ubuntu or Canonical site or service has been affected. The company is now notifying by email all users whose details have been compromised. Canonical is also now investigating exactly how the attackers were able to gain access, and will keep the forums site offline until it can be safely brought back online.

"[We] are working with the software providers to address that issue," she said. "Once the investigation is concluded we will provide as much detail as we safely can. Updates will be posted to the ubuntuforums.org page as they are available. Once again, we apologize for the issue."

As for Apple's breach, the company told CNET in an email that the developer site is down because an intruder attempted to secure personal information of registered developers. The company said that sensitive personal information was encrypted and cannot be accessed, but there's a good chance the hacker accessed some developers' names, mailing addresses, and/or email address.

"We took the site down immediately on Thursday and have been working around the clock since then," Apple said. "In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."

The developer website is not associated with any customer information, the company added. Customer information is also securely encrypted.

Canonical and Apple are just two in a string of hacking attempts on high-profile sites over the last month. The previous attacks were on game-related sites including Club Nintendo in Japan, Ubisoft, Konami and developer Bohemia Interactive. The recent attempts on Apple and Canonical could be unrelated to the former group, or could be components of a larger identity theft campaign.

Apple said on Friday, the day after its developer site went down, that it will be extending membership periods if they were set to expire during the down time. All apps uploaded will also remain during that extended period as well.

Discuss
Display all 12 comments.
This thread is closed for comments
Top Comments
  • 11 Hide
    internetlad , July 22, 2013 3:41 PM
    That's impossible, it's impossible to hack an apple computer. They're perfect. Impossible.
  • 10 Hide
    bustapr , July 22, 2013 4:25 PM
    i understand hackers hacking apple and other corporations like them, but why ubuntu forums? I kind of see it as a taboo to hack a linux website, being one of the forum for the most hardcore developers and hackers to hang around. linux community isnt one youd want to piss off.
Other Comments
  • 4 Hide
    jdog2pt0 , July 22, 2013 3:09 PM
    The Ubuntu forum? What kind of a loser...
  • 11 Hide
    internetlad , July 22, 2013 3:41 PM
    That's impossible, it's impossible to hack an apple computer. They're perfect. Impossible.
  • 10 Hide
    bustapr , July 22, 2013 4:25 PM
    i understand hackers hacking apple and other corporations like them, but why ubuntu forums? I kind of see it as a taboo to hack a linux website, being one of the forum for the most hardcore developers and hackers to hang around. linux community isnt one youd want to piss off.
  • -9 Hide
    otacon72 , July 22, 2013 6:01 PM
    Oh wait...I thought Linux was some super secure OS....apparently not.

    @bustapr You "understand" individuals committing a felony? You're kind of a dullard.
  • 4 Hide
    bluekoala , July 22, 2013 6:44 PM
    @Otacon: Dullard should be a word you use against anyone else seeing as how you're on the cutting edge or stupidity and always innovate ways to be a moron.
    Linux is not an OS, a Forum is not an OS either. It is a Kernel.
    If you can't fathom people breaking laws then the concept of police officers must really blow your unsophisticated mind.
  • 0 Hide
    bluekoala , July 22, 2013 6:49 PM
    @Otacon: Dullard should be a word you use against anyone else seeing as how you're on the cutting edge or stupidity and always innovate ways to be a moron.
    Linux is not an OS, a Forum is not an OS either. It is a Kernel.
    If you can't fathom people breaking laws then the concept of police officers must really blow your unsophisticated mind.
  • -1 Hide
    eddieroolz , July 22, 2013 7:59 PM
    This is unsettling...at this point it's highly likely that it's the same group.
  • 0 Hide
    Darkk , July 22, 2013 8:19 PM
    Here is one thing that caught my eye:

    "While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them," she said. "If users used the same password on other services they should immediately change that password."

    It's been said the password are encrypted using a HASH method. If they didn't SALT the HASH then yes you would need to change the password on other websites that you use the same password.

    Had they SALT'd the passwords then it's not big of a deal. I know how it works with SALT. It's just a random info that gets mixed in with HASH making it impossible to reverse it.

    Pretty stupid if they didn't do this.
  • 0 Hide
    warmon6 , July 22, 2013 9:01 PM
    The guy that messed with the ubuntu forums, All I can say is, you've probably just stirred up a hornet's nest.....

    Just like how Japan had "awaken the sleeping giant" in WWII....
  • 0 Hide
    funguseater , July 22, 2013 9:32 PM
    Oh wait, the Apple guy had notified Apple he was testing the integrity of the system and notified them BEFORE attempting, they then shuttered the site 4 hours later. Not a hacker attack.
  • 0 Hide
    guru_urug , July 22, 2013 11:14 PM
    Why attack open source???!!! I can understand attacking the multi-million corps.
    Sheesh!...losers
  • 0 Hide
    Someone Somewhere , July 23, 2013 2:13 AM
    Quote:
    I know how it works with SALT. It's just a random info that gets mixed in with HASH making it impossible to reverse it.


    Not impossible (it can't ever be impossible), just a whole lot tougher when there are multiple passwords.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter