Check Point firewall ZoneAlarm suffers data breach incident

According to information security specialists, ZoneAlarm, the firewall software produced by security firm Check Point, was the victim of a data breach that compromised the information stored in one of the company’s online forums.

After infiltrating the ZoneAlarm forum, threat
actors gained illegitimate access to the full names, dates of birth, email
addresses and passwords (protected with encryption) of more than 4,000 Check
Point clients.

No official public statement has been issued, although ZoneAlarm has already
notified its users via email, further advising that passwords be reset as soon
as possible.

“The website will remain inactive until
the incident is corrected; activities will resume as soon as the problem is resolved.
You are prompted to reset your password as soon as you log in to the
forum”, reads the message sent by the company. In addition, information
security experts say ZoneAlarm is already implementing an incident recovery
plan.

According to the specialized platform The Hacker News, the hacker group responsible for this attack compromised ZoneAlarm’s forum information by exploiting a critical remote code execution vulnerability in the vBulletin software used by the company's forum.

Information security specialists at the
International Institute of Cyber Security (IICS) mention that ZoneAlarm may not
have updated its vBulletin software, so the forum would still have been running
the previous version (5.4.4) at the time of the incident.

Should this version be confirmed, the company
would have made a serious mistake, as this version of vBulletin contained a
zero-day vulnerability that was actively exploited, including in the attack on
the user forum of the security firm Comodo, an incident that exposed the login
data of more than 200,000 users.

Another incident related to a vulnerability in the
vBulletin software was reported in January this year, when the
retro gaming website Emuparadise
was compromised by hackers who managed to access usernames, email addresses,
passwords and IP addresses of more than 1 million site user accounts.
