LinuxForums.org Hack Exposes 276,000 User Accounts

[Abarbarian]

LinuxForums.org Hack Exposes 276,000 User Accounts

The LinuxForums.org data breach is a consequence of the forums using an old version of vBulletin (version 4.2.2, released back in October 2013), a proprietary Internet forum software. Along with the 276k unique email addresses, usernames, IP addresses and salted MD5 password hashes were also leaked. Using salted MD5 password hashes is a bad idea because... well, MD5 is very fast, so an attacker can try billions of password combinations per second.

What's more, the haveibeenpwned.com website mentions that "Linux Forums did not respond to multiple attempts to contact them about the breach". There's no announcement about this issue on the LinuxForums.org either. It appears the forum was down for the past 3 days, and some parts of the LinuxForums.org website are not working right now due to a fatal error.

https://www.reddit.com/r/linux/comments/8pe70u/change_your_linuxforums_dot_org_passwords/

If you look on the LinuxForums site you will see no mention of the leak. If they have been hacked then you really should change your password.

http://www.linuxforums.org/forum/

Personally if they have been hacked and they have not bothered to alert their users then I would simply cancel my account and never use their site again.

 

[Ian]

It looks like they're running vBulletin, which was great 10 years ago... but insecurities seem to be found so often in it now.

Another good reason to use an offline password manager, with unique passwords for each site (although I seem to remember you do this already ). It should limit the damage when things like this happen .