Abarbarian
Acruncher
- Joined
- Sep 30, 2005
- Messages
- 11,023
- Reaction score
- 1,223
LinuxForums.org Hack Exposes 276,000 User Accounts
https://www.reddit.com/r/linux/comments/8pe70u/change_your_linuxforums_dot_org_passwords/
If you look on the LinuxForums site you will see no mention of the leak. If they have been hacked then you really should change your password.
http://www.linuxforums.org/forum/
Personally if they have been hacked and they have not bothered to alert their users then I would simply cancel my account and never use their site again.
The LinuxForums.org data breach is a consequence of the forums using an old version of vBulletin (version 4.2.2, released back in October 2013), a proprietary Internet forum software. Along with the 276k unique email addresses, usernames, IP addresses and salted MD5 password hashes were also leaked. Using salted MD5 password hashes is a bad idea because... well, MD5 is very fast, so an attacker can try billions of password combinations per second.
What's more, the haveibeenpwned.com website mentions that "Linux Forums did not respond to multiple attempts to contact them about the breach". There's no announcement about this issue on the LinuxForums.org either. It appears the forum was down for the past 3 days, and some parts of the LinuxForums.org website are not working right now due to a fatal error.
https://www.reddit.com/r/linux/comments/8pe70u/change_your_linuxforums_dot_org_passwords/
If you look on the LinuxForums site you will see no mention of the leak. If they have been hacked then you really should change your password.
http://www.linuxforums.org/forum/
Personally if they have been hacked and they have not bothered to alert their users then I would simply cancel my account and never use their site again.