OpenSUSE Forums Hacked, User Email Addresses Compromised

OpenSUSE forums have been taken offline after hackers exploited a vulnerability in the forums’ vBulletin implementation to access a database and steal email addresses.

The forums for the Linux-based operating system openSUSE remain down today and for the foreseeable future following a hack earlier this week that appears to have compromised some of its users’ email addresses.

OpenSUSE claims the hacker was able to exploit a vulnerability in the forum’s software, vBulletin, that allowed them to upload files and granted them secure access to the site’s database.

On the project’s Twitter account openSUSE clarified that the email addresses belonging to anyone who’s ever logged into the forum, somewhere around 79,500 users, are implicated in the hack.

Despite claims the hacker gleaned user data, openSUSE insists credentials like users’ passwords have not been compromised because they are not saved in openSUSE’s application databases. The company points out it uses a single-sign-on system, NetIQ’s Access Manager, that exists separate from openSUSE and its forums.

What the hacker did manage to swipe were fake passwords, or “random, automatically set strings that are in no way connected to your real password,” according to a blog post by the group yesterday.

vBulletin had tough go of it in 2013 and now  it seems their problems are carrying over to 2014.

Another Linux-based OS that used the service, Ubuntu, had its forums breached back in July to the tune of 1.8 million leaked usernames, e-mail addresses and passwords. MacRumors.com, a popular Apple fansite had its forums – which also ran vBulletin – hacked in November, yet none of that data, around 860,000 passwords, were ever released.

The hacking group Inj3ct0r eventually took credit for both of those attacks, explaining they used a zero-day vulnerability discovered in versions of vBulletin 4.x.x and 5.x.x.

According to a report from HackerNews.com, who managed to screenshot the defaced site before openSUSE took it down, this attacker goes by the name H4x0r HuSsY and used a hole in the 4.2.1 build of the vBulletin software to vandalize the forums.

“The Pakistani Hacker confirmed [he] uploaded a PHP shell on the forum server using his own Private vBulletin’s zero-day exploit, that allows him to browse, read or write/overwrite any file on the Forum server without root privileges.”

The site was unreachable yesterday and “OpenSuse Official Forum Hacked by H4x0r HuSsY, Pakistani LeeT InsiDe y0 b0x! We are Team MaDLeeTs” was plastered in place of where the forums would have usually been found.

Citing a lack of known fixes or workarounds, openSUSE took the forums offline yesterday until it can come up with a solution.

Suggested articles