Hacking Spree Continues: Apple's Dev Site, Ubuntu Forums Hit
Two more hacking reports surfaced over the weekend.
Two hacking reports surfaced over the weekend, and follows a string of hacks that have taken place across a number of websites over the past month. Apple acknowledged on Sunday that its developer site was down due to a hacking attempt on Thursday. Meanwhile Canonical's Jane Silber announced that the Ubuntu forums had been breached, allowing hackers to gain access to email addresses and hashed passwords.
"While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them," she said. "If users used the same password on other services they should immediately change that password."
Silber said that the issue is likely limited to the Ubuntu Forums -- no other Ubuntu or Canonical site or service has been affected. The company is now notifying by email all users whose details have been compromised. Canonical is also now investigating exactly how the attackers were able to gain access, and will keep the forums site offline until it can be safely brought back online.
"[We] are working with the software providers to address that issue," she said. "Once the investigation is concluded we will provide as much detail as we safely can. Updates will be posted to the ubuntuforums.org page as they are available. Once again, we apologize for the issue."
As for Apple's breach, the company told CNET in an email that the developer site is down because an intruder attempted to secure personal information of registered developers. The company said that sensitive personal information was encrypted and cannot be accessed, but there's a good chance the hacker accessed some developers' names, mailing addresses, and/or email address.
"We took the site down immediately on Thursday and have been working around the clock since then," Apple said. "In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
The developer website is not associated with any customer information, the company added. Customer information is also securely encrypted.
Canonical and Apple are just two in a string of hacking attempts on high-profile sites over the last month. The previous attacks were on game-related sites including Club Nintendo in Japan, Ubisoft, Konami and developer Bohemia Interactive. The recent attempts on Apple and Canonical could be unrelated to the former group, or could be components of a larger identity theft campaign.
Apple said on Friday, the day after its developer site went down, that it will be extending membership periods if they were set to expire during the down time. All apps uploaded will also remain during that extended period as well.