A short diary to alert those in this community who are members of the Ubuntuforums.org website that, according to OMG! Ubuntu:
‘Every user’s local username, password, and email address [were stolen] from the Ubuntu Forums database’ Canonical say in a statement posted on the website, adding that while the ‘passwords (stolen) are not stored in plain text’ those who use the same password on other services should ‘change the password on the other service[s] ASAP.’
While data from the Forums has been compromised they stress that other services, such as Ubuntu One and Launchpad, ‘are not affected by the breach’.
Apparently the breach occurred because the system administrators apparently hadn't kept the bulletin board software up to date. Interestingly, the software being used by the Ubuntu Forums admins was not open source. The impact of the breach was compounded because
the site administrators also failed to use a strong password protection routine - so the passwords were being stored in a relatively easy to hack fashion.
There is an anecdotal report of the email list having been released into "the wild".
So, if you're one of those one password for every website folks (and you use ubuntuforums.org, reputation.com or livingsocial.com which hacked earlier this year), change your passwords.