After Snapchat hack, this can be another worst data breach of the new year. A Pakistani hacker 'H4x0r HuSsY' has successfully compromised the official Forum of 'openSUSE', a Linux distro developed, sponsored & supported by SUSE.
The hacker managed to deface the Forum and uploaded its custom message page as shown and account information of 79,500 registered users' may have been compromised. (The forum was defaced at the time of writing - Check Here)
The popular website MacRumors's Forum was compromised in last November using an alleged zero day exploit, which is based on vBulletin, a famous forum software. The openSUSE Forum is also based upon vBulletin.
Another interesting fact is that openSUSE is still using vBulletin 4.2.1, which is vulnerable to inject rogue administrator accounts flaw. Whereas, the latest patched vBulletin 5.0.5 is available. Possibly, Hacker exploits same or another known vBulletin version 4.2.1 vulnerability to access the website's administrative panel.
Update (7:00 PM Tuesday, January 7, 2014 GMT): The Pakistani Hacker confirmed is that has uploaded a PHP shell on the forum server using his own Private vBulletin's zero-day exploit, that allows him to browse, read or write/overwrite any file on the Forum server without root privileges.
opensuse гордо забирает у ubuntu переходящее знамя. Кто будут следующим?