The forums at ZoneAlarm, which is owned by Check Point and whose products are used by over 100 million people, have been hacked because of a vulnerability in vBulletin. As a result, users’ data fell into the hands of attackers.Fortunately, despite the considerable user base of ZoneAlarm, the leak affected the forum hosted on forums.zonealarm.com (currently unavailable because the company fixes the problem), which has only about 4,500 users.
It was reported that among the compromised data was information about email addresses, password hashes, dates of birth and IP addresses of users.
Although neither ZoneAlarm nor its parent company, Check Point, have disclosed detailed information about the incident, emails have already been sent to all affected users to notify them of the incident.
Despite the fact that leaked passwords (according to the company) were “encrypted”, users of the ZoneAlarm forum are still advised to immediately change the passwords from their accounts.
“This [forum] is a separate website from any other website we have and used only by a small number of subscribers who registered to this specific forum. The website became inactive in order to fix the problem and will resume as soon as it is fixed. You will be requested to reset your password once joining the forum”, — said in a message sent to the forum by e-mail.
The forum is currently unavailable, and the company is still working on a fix.
The Hacker News publication, citing company representatives, reports that the forum was compromised with the use of the CVE-2019-16759 RCE vulnerability that was discovered and fixed in the vBulletin forum engine at the end of September this year. As it turned out, until recently, ZoneAlarm used an outdated version of vBulletin.
“We found that, surprisingly, the security company itself was running an outdated 5.4.4 version of the vBulletin software until last week that let attackers compromise the website easily. It’s the same then-zero-day vBulletin exploit that an anonymous hacker publicly disclosed in late September this year, which, if exploited, could allow remote attackers to take full control over unpatched vBulletin installations”, — reports The Hacker News magazine.
Let me remind you that earlier, due to this vulnerability, the official Comodo forums have already suffered, as well as Italian and Dutch resources for sex workers (prostitution is legal in these countries).