- ZoneAlarm admitted a data breach on their forums and is sending thousands of warning messages to its users.
- The forum was based on an outdated and vulnerable version of vBulletin, so the compromise was easy.
- The firm claims to have detected the breach in under 24 hours and says that no plaintext passwords were exposed.
The Hacker News reports that the forum site of ZoneAlarm has been breached by hackers, resulting in the exposure of user discussions. ZoneAlarm belongs to Check Point, the renowned and highly successful Israeli cybersecurity firm. The platform helps people stay safe online through an antivirus, firewall, and other protection solutions geared towards home, small office, and mobile phone users. With the company counting over 100 million customers, the forum naturally hosts a large number of discussions, ranging from casual support requests to expert technical advice. The number of registered forum users is a lot smaller, though, at nearly 4500.
Still, this data breach was a blow to the credibility of the company, as they really should have known better. According to the details that surfaced, the hackers took advantage of a known RCE exploit in the vBulletin Internet forum software platform. The particular flaw (CVE-2019-16759) was disclosed on September 23, 2019, and affects all versions from 5.0.0 to 5.5.4. As it turned out, ZoneAlarm administrators didn’t apply the patches that were released to fix the flaw, and so the security product’s forum remained vulnerable to malicious attacks. Comodo’s forum suffered the same breach over a month ago, but it seems that the competitor’s struggle didn’t serve as a warning for ZoneAlarm.
We also covered the breach of Hookers.nl on October 11, which was based on the same vBulletin flaw, so ZoneAlarm had ample time and plenty of reminders before the date of their incident. Now that it has happened, the company had no other choice than to circulate email messages to its users, informing them that they need to reset their passwords. According to the message, the information that has leaked includes their names, email addresses, dates of birth, and encrypted passwords. The company also states that they managed to discover the breach in less than 24 hours, so the damage was somewhat contained.
Right now, the forum is undergoing technical sanitation, and so it’s down. Users will be able to reset their passwords when the website comes back up again, but in the meantime, there’s no reason to panic. The hackers won’t be able to use your passwords as they will have to decrypt them first, something that is practically impossible. As for the other information that was exposed, phishing is a risk associated with email addresses and names, so you should be careful with how you handle any unsolicited messages that make bold claims.