Check Point’s ZoneAlarm suffers data breach; 4,500 subscribers impacted

Check Point’s ZoneAlarm suffers data breach; 4,500 subscribers impacted

Massive Aptoide data breach compromised data of 20m users

ZoneAlarm, a security firm owned by Check Point that offers security solutions to PC users worldwide, recently suffered an unauthorised intrusion into one of its web domains that compromised names, email addresses, hashed passwords, and date of births of up to 4,500 users.

ZoneAlarm is the consumer brand of renowned security firm Check Point and offers security solutions against malware, ransomware, phishing, and identity theft to over 100 million PC users located all over the world.

On Monday, The Hacker News revealed that hackers gained unauthorised access into one of ZoneAlarm’s web forums and gained access to names, email addresses, hashed passwords, and dates of birth of nearly 4,500 subscribers who were registered with the affected “forums.zonealarm.com” domain.

While ZoneAlarm or Check Point did not publicly announce the breach, the former sent emails to affected subscribers, informing them about the security incident and advising them to change their forum account passwords immediately.

“This [the affected domain] is a separate website from any other website we have and used only by a small number of subscribers who registered to this specific forum.

“The subscribers’ index in this specific forum was compromised and leaked. The index includes the name, email address and date of birth provided by the subscriber upon registration. Passwords remain encrypted. However, as a security measurement, we kindly ask you to change the password associated with your forum’s account.

“The website became inactive in order to fix the problem and will resume as soon as it is fixed. You will be requested to reset your password once joining the forum.

“ZoneAlarm is conducting a thorough investigation into the whereabouts of this incident and views this as a serious matter. Should you be interested, we will continue to update you with new information we gather about this event,” the email read.

Hackers exploited a flaw in vBulletin forum software to hack into the domain owned by ZoneAlarm

Upon contacting the security firm, The Hacker News learned that “attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorised access”.

It also learned that the firm was running an outdated 5.4.4 version of the vBulletin software that contained a zero-day vulnerability that was revealed by a hacker in September this year and which was exploited by hackers to hack into the Comodo forum website and access login information of 245,000 users.

This isn’t the first time that hackers have exploited security vulnerabilities in the vBulletin forum software to breach web forums and access user data. In June this year, Emuparadise, a website offering popular retro games dating back over twenty years to gaming enthusiasts, announced that it suffered a data breach in April last year that compromised email addresses, usernames, passwords, and IP addresses that were linked to 1,131,229 user accounts.

These details were taken by cyber criminals from Emuparadise vBulletin forums but it is believed that the breach did not compromise payment cards or other financial information of gamers. After the breach took place, Emuparadise migrated to a fresh Net64+ server to allow gamers to play against each other.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]