"While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them," Silber noted. "If users used the same password on other services they should immediately change that password."
According to Silber, the issue is limited to the Ubuntu Forums -- no other Ubuntu or Canonical site or service appears to be affected.
Still, Sophos reports that, in a TwitLonger post, hacker Sputn1k_ claimed responsibility for the breach and said he had no intention of leaking the stolen data. "That isn't how I like to do things," Sputn1k_ wrote. "If I do get into a website, most of the time there's no REAL malicious intentions. Grab the database, leave a message. That's it. I don't like to over-do things."