Many users are at risk of having their passwords stolen after hackers managed to obtain up to 1.8 million of them from the Ubuntu forums. Ubuntu is warning all of its users to change their passwords and any other passwords that are similar to their forum login. The hackers would be able to use the logins to gain information about other sites that you use and try to hack into those as well. This is why using extra security features such as 2-step verification matters. You should also be using a random password generator and a password manager to maximise your security. Unfortunately, these will not be able to protect against an attack like this.
What To Do?
If you are an Ubuntu forum user then you should immediately change your password and any other passwords similar to it. The reason is that most people won't have different passwords for their logins. The issue with this is that an attacker can easily gain access to your other information and accounts. Think about it: if you have an Ubuntu password of forumpassword1 and then you go to Facebook and have a password of facebookpassword1, we can easily guess your trend and then access other accounts using that same system.
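A self-audit for the pattern described above, as an added example that is not part of the original article: it groups the sites in your own password list whose passwords are identical or differ only by the site name. The vault contents, the site labels and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample vault: site label -> password. The first two entries
# are the passwords used as an illustration in the article.
SAMPLE_VAULT = {
    "forum": "forumpassword1",
    "facebook": "facebookpassword1",
    "bank": "Bankpassword1",
    "mail": "t7#Lq9vW!x2r",
}


def template(site, password):
    """Reduce a password to its reusable pattern.

    The site label (matched case-insensitively) is replaced with a
    placeholder and the rest is lowercased, so "forumpassword1" and
    "facebookpassword1" both become "{site}password1".
    """
    if site:  # an empty label would match everywhere, so skip it
        password = re.sub(re.escape(site), "{site}", password,
                          flags=re.IGNORECASE)
    return password.lower()


def find_shared_templates(vault):
    """Return groups of sites whose passwords share one pattern.

    Only site names are returned, never the passwords or patterns, so the
    result is safe to display. Exact reuse of one password across sites is
    reported as well, because identical passwords share a pattern.
    """
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[template(site, password)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


if __name__ == "__main__":
    for sites in find_shared_templates(SAMPLE_VAULT):
        print("Change these together, they share a pattern:", ", ".join(sites))
```

Every site in a reported group should get a new, unrelated password once any one of them is exposed in a breach.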
What If I Was Not Affected?
If you were not hacked, or don't believe you were, it is still recommended that you change your password. The reason is that the general reports can be wrong, and there could be more hacked passwords than originally thought. Even if the number was not true, there is a chance that they could do the attack again using a similar exploit and get your information. So, as you can see, no matter what, when a company has been hacked you need to change your information to stay secure.
How Did This Happen?
As of now we are not sure, and we have not been alerted by the foundation; however, the most common way that a hacker gets information is through an exploit in the login system. They might have done something similar to the Facebook hack that is going around, or they could have done something as complex as forcing their way into the server to mine the information. The question is why they would hack the passwords in the first place. These passwords are not that valuable, and generally Linux users know to have different passwords across different websites, so it will be interesting if we can get a motive from the hackers or at least know how they did it.