A short diary to alert those in this community who are members of the Ubuntuforums.org website that, according to OMG! Ubuntu:
‘Every user’s local username, password, and email address [were stolen] from the Ubuntu Forums database’ Canonical say in a statement posted on the website, adding that while the ‘passwords (stolen) are not stored in plain text’ those who use the same password on other services should ‘change the password on the other service[s] ASAP.’Apparently the breach occurred because the system administrators apparently hadn't kept the bulletin board software up to date. Interestingly, the software being used by the Ubuntu Forums admins was not open source. The impact of the breach was compounded because the site administrators also failed to use a strong password protection routine - so the passwords were being stored in a relatively easy to hack fashion.
While data from the Forums has been compromised they stress that other services, such as Ubuntu One and Launchpad, ‘are not affected by the breach’.
There is an anecdotal report of the email list having been released into "the wild".