ZoneAlarm, a security firm owned by Check Point that offers security solutions to PC users worldwide, recently suffered an unauthorised intrusion into one of its web domains that compromised names, email addresses, hashed passwords, and date of births of up to 4,500 users.
ZoneAlarm is the consumer brand of renowned security firm Check Point and offers security solutions against malware, ransomware, phishing, and identity theft to over 100 million PC users located all over the world.
On Monday, The Hacker News revealed that hackers gained unauthorised access into one of ZoneAlarm’s web forums and gained access to names, email addresses, hashed passwords, and dates of birth of nearly 4,500 subscribers who were registered with the affected “forums.zonealarm.com” domain.
While ZoneAlarm or Check Point did not publicly announce the breach, the former sent emails to affected subscribers, informing them about the security incident and advising them to change their forum account passwords immediately.
“This [the affected domain] is a separate website from any other website we have and used only by a small number of subscribers who registered to this specific forum.
“The subscribers’ index in this specific forum was compromised and leaked. The index includes the name, email address and date of birth provided by the subscriber upon registration. Passwords remain encrypted. However, as a security measurement, we kindly ask you to change the password associated with your forum’s account.
“The website became inactive in order to fix the problem and will resume as soon as it is fixed. You will be requested to reset your password once joining the forum.
“ZoneAlarm is conducting a thorough investigation into the whereabouts of this incident and views this as a serious matter. Should you be interested, we will continue to update you with new information we gather about this event,” the email read.
Hackers exploited a flaw in vBulletin forum software to hack into the domain owned by ZoneAlarm
Upon contacting the security firm, The Hacker News learned that “attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorised access”.
It also learned that the firm was running an outdated 5.4.4 version of the vBulletin software that contained a zero-day vulnerability that was revealed by a hacker in September this year and which was exploited by hackers to hack into the Comodo forum website and access login information of 245,000 users.
This isn’t the first time that hackers have exploited security vulnerabilities in the vBulletin forum software to breach web forums and access user data. In June this year, Emuparadise, a website offering popular retro games dating back over twenty years to gaming enthusiasts, announced that it suffered a data breach in April last year that compromised email addresses, usernames, passwords, and IP addresses that were linked to 1,131,229 user accounts.
These details were taken by cyber criminals from Emuparadise vBulletin forums but it is believed that the breach did not compromise payment cards or other financial information of gamers. After the breach took place, Emuparadise migrated to a fresh Net64+ server to allow gamers to play against each other.