Canonical reported on July 14 that Ubuntu forums were breached. Attackers were able to steal usernames, email addresses, and IP addresses of more than two million users.

This is the second time Ubuntu forums were breached. The last breach happened in 2013 when attackers stole email addresses, passwords, and usernames of members.

Despite its claims of being an open source Linux company, Canonical is running its forums on proprietary vBulletin software. But Canonical is not alone, Fedora and SUSE also use vBulletin for their forums.

Ubuntu forums were hacked because admins at Canonical didn’t update the forum software. Security expert Graham Cluley wrote on his blog, “What a goof. If you don’t patch the software running on your website, don’t be surprised if a hacker compromises your system and makes off with your customer’s data.”

This is the second high-profile break-in in the desktop Linux world. The Linux Mint site was hacked earlier this year.