Check Point firewall ZoneAlarm suffers data breach incident

According to information security specialists, ZoneAlarm, the firewall software produced by security firm Check Point, was the victim of a data breach that compromised the information stored in one of the company’s online forums.

After infiltrating the ZoneAlarm forum, threat actors gained illegitimate access to the full names, dates of birth, email addresses and passwords (protected with encryption) of more than 4,000 Check Point clients.

No official public statement has been issued, although ZoneAlarm has already notified its users via email, advising them to reset their passwords as soon as possible.

“The website will remain inactive until the incident is corrected; activities will resume as soon as the problem is resolved. You are prompted to reset your password as soon as you log in to the forum”, reads the message sent by the company. In addition, information security experts say ZoneAlarm is already implementing an incident recovery plan.

According to the specialized platform The Hacker News, the hacker group responsible for this attack compromised ZoneAlarm's forum information by exploiting a critical remote code execution vulnerability in vBulletin, the software the company's forum runs on.

Information security specialists at the International Institute of Cyber Security (IICS) mention that ZoneAlarm may not have updated its vBulletin software, so the forum would still have been running the previous version (5.4.4) at the time of the incident.

Should this version be confirmed, the company would have made a serious mistake, as this version of vBulletin contained a zero-day vulnerability that was actively exploited, including in the attack on the user forum of the security firm Comodo, an incident that exposed the login data of more than 200,000 users.

Another incident related to a vulnerability in the vBulletin software was reported in January this year, when the retro gaming website Emuparadise was compromised by hackers who managed to access usernames, email addresses, passwords and IP addresses of more than 1 million site user accounts.