LinuxForums.org Hack Exposes 276,000 User Accounts

According to haveibeenpwned.com, the LinuxForums.org website was hacked on the 1st of May 2018, resulting in the disclosure of around 276k unique email addresses.

LinuxForums.org is a free help and support forum for Linux distributions software, and computer hardware, which currently hosts more than 200,000 registered members. The website was launched back in 2001, and in 2008 it changed ownership, now being owned by MAS Media Inc.

The LinuxForums.org data breach is a consequence of the forums using an old version of vBulletin (version 4.2.2, released back in October 2013), a proprietary Internet forum software. Along with the 276k unique email addresses, usernames, IP addresses and salted MD5 password hashes were also leaked. Using salted MD5 password hashes is a bad idea because... well, MD5 is very fast, so an attacker can try billions of password combinations per second.

Related: Bitwarden: The Secure, Open Source Password Manager You're Looking For.

What's more, the haveibeenpwned.com website mentions that "Linux Forums did not respond to multiple attempts to contact them about the breach". There's no announcement about this issue on the LinuxForums.org either. It appears the forum was down for the past 3 days, and some parts of the LinuxForums.org website are not working right now due to a fatal error.

If you have a LinuxForums.org account, it's recommended you change the password and use a new, unique, random-generated password instead.


Seen on Reddit (thanks to u/kpcent).