Obviously, Ubuntu Linux is the most powerful operating system, and perhaps it’s tough to hack to this system since every time you go to the installation or somewhat security-related work, it would ask you to enter the password. However, the Ubuntu Linux forum was hacked. Soon this article I will discuss how it had become possible.

One thing we should keep in a mind that although forum was hacked, that did not imply that Ubuntu operating system was not safe or cut or there is some weakness in the operating system. Instead, the breach only affects the Ubuntu online forum that people used to discuss the OS. So many personal information data like IP address, usernames, and email addresses have been compromised and failed to apply a patch to secure its user data.

To solve this problem, many investigations have been done. And under in-depth research, they came to find the reason behind of being hacked, and it is concluded that it left Known SQLi (SQL injection) vulnerability unpatched in the Forum runner add-on and it shows or uncovers its user data. So this problem was created.

SQL inje, action attack is an attack that is used to inject malicious SQL commands through the input data from the client to the application to breach the database and get access to the user’s data.

So this vulnerability is most dangerous and powerful if it uses an SQL-based database for any website or web application. Now let’s know how hackers were able to do such a crime.

  1. The attackers were able to inject formatted SQL to the Forums database on the Forums database servers, which gave them access to read from any table.
  2. The attackers then used the high access to download portions of the ‘user’ table containing usernames, email addresses, and IP addresses for 2 Million users.

 

Furthermore, the passwords stored in this table were random strings like Hashed and Salted, and the Ubuntu Forum depends on Ubuntu Sign-On for logins. Besides it is still upsetting that firm’s silly mistake of not installing a patch for a Known bug called Ubuntu Linux Forum caused uncover of its 2 million users personal data like IP address, usernames, and email addresses.

So always keep in mind that even a simple mistake leads you in disaster, so negligence must be avoided as far as possible if that is in the case of any Information technology related fields.