Ubuntu Linux developer Canonical has admitted that the data of 2 million of its forum users has been compromised, following the exploitation of a known SQL vulnerability. The flaw was found in the ‘Forumrunner’ add-on, which was left unpatched. User passwords have not been breached, but the attacker had access to the usernames, email addresses and IP addresses of the 2 million affected users. Ryan O’Leary, VP Threat Research Centre at WhiteHat Security, commented below.
Ryan O’Leary, VP Threat Research Centre at WhiteHat Security:
“SQL injection is not the most difficult attack to execute. In fact, it’s one of the very first skills you learn when trying to attack a site, because of the prevalence of the flaw and ease of exploitation. Companies need to run a thorough vulnerability assessment and fix these critical, yet easy-to-exploit, vulnerabilities.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.