Ubuntu strongly urges users to change their passwords.
Hackers have targeted 1.82 million Ubuntu Forum accounts and exposed all registered users’ account details in a security breach, after the sites were shut down for maintenance.
According to the firm, Ubuntu One, Launchpad and other Ubuntu/Canonical services have not been impacted by the breach.
User passwords have been stored as salted hashes, rather than in plain text, by cryptographically scrambling using the MD5 hashing algorithm, together with a per-user cryptographic salt.
Ubuntu CEO Jane Silber said that while the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them.
"If users used the same password on other services, they should immediately change that password," Silber said.
"We believe the issue is limited to the Ubuntu Forums and no other Ubuntu or Canonical site or service is affected.
"We are continuing to investigate exactly how the attackers were able to gain access and are working with the software providers to address that issue."
Ubuntu is also informing all users by email whose credentials have been compromised.