As a result of the Ubuntu Forums hack recently, I’ve now had to spend several hours going through all my internet logins accounts to see whether or not I have used the same password anywhere else. Not surprising, I have so I have to go through and change them all. Fortunately, LastPass allows me to generate secure passwords which I can use to replace other passwords. The only real place where I would be concerned if they have access would by emails, but I have 2-factor authentication turned on there, and have had it turned on for many months, and they need my email address, password AND phone to get into my account. Even my backup codes are stored on a TrueCrypt volume stored on a LUKS partition on my laptop so they would need two passwords to get at those.
Mind you, it IS good that these forums were hacked, it’s given me a reason to go through my accounts and see which ones I still use and which ones I can delete.
- Ubuntuforums.org Hacked (it.slashdot.org)
- Ubuntu Forums (blenderfox.com)
- Ubuntu Forums Hacked, All User Names and Passwords Have Been Stolen (news.softpedia.com)
- IMPORTANT! Ubuntu Forums Hacked (unixmen.com)
- Ubuntu Forums Hacked, 1.8 Million Passwords, E-Mails & Usernames Stolen (omgubuntu.co.uk)
- The Most Unsafe Passwords of 2012 Look a Lot Like the Ones from 2011 (staples.com)
- Email and passwords compromised after attack on Ubuntu Forums (news.en.softonic.com)
- Ubuntu forum hack sets same-password users at risk (itwriting.com)
- Ubuntu Forum Security Breach (news.slashdot.org)
- Notice of security breach on Ubuntu Forums site (canonical.com)