Updating software is important, but it’s the third-party add-ons that get servers pwned. No component — theme, plugin, or module — is too small.
Canonical, the commercial vendor behind Ubuntu Linux, has disclosed a security breach where an unknown adversary accessed the database powering the Ubuntu support forums and obtained usernames, passwords, and IP addresses of two million users.