ZoneAlarm, an Israeli-owned cybersecurity firm, suffered a data breach that exposed the data of its discussion forum users.
ZoneAlarm is an Internet Security software company that provides consumer antivirus and firewall products with nearly 100 million downloads.
“Though neither ZoneAlarm nor its parent company Check Point has yet publicly disclosed the security incident, the company quietly sent an alert via email to all affected users,” reads the post published by The Hacker News.
The company sent an email notification to ZoneAlarm forum users advising them to change their forum account passwords and informing them that hackers had gained unauthorised access to forum members' data, including names, email addresses, hashed passwords and dates of birth. It is unclear when the attackers compromised the ZoneAlarm forum.
The security incident only affects users registered with the “forums.zonealarm.com” domain, which has nearly 4,500 subscribers. This website is separate from any other website and is used by a small number of subscribers who registered to this specific forum.
“The website became inactive to fix the problem and will resume as soon as it is fixed. You will be requested to reset your password once joining the forum,” reads the data breach notification message.
It is embarrassing to know that the incident was caused by a lack of patch management for the impacted forum. A spokesperson confirmed to The Hacker News that attackers exploited a known critical RCE vulnerability, CVE-2019-16759, in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorised access.
The exploit works on vBulletin versions 5.0.0 through the latest 5.5.4, for which the project maintainers later released patch updates, but only for recent versions 5.5.2, 5.5.3 and 5.5.4. Surprisingly, the security company itself was running an outdated 5.4.4 version of the vBulletin software.
This is the same vBulletin zero-day for which an anonymous hacker disclosed technical details and a proof-of-concept in late September. The problem could be exploited by an unauthenticated attacker to take full control over unpatched vBulletin installations.
The ITarian Forum, a Comodo website, suffered a data breach in which unknown attackers used the CVE-2019-16759 remote code execution vulnerability to access the login credentials of nearly 245,000 users.
“ZoneAlarm is conducting an investigation into the matter. We take pride in the fact that we took a proactive approach once this incident was detected and within 24 hours alerted the forum members,” the company’s spokesperson said.