Security Experts:

Data of ZoneAlarm Forum Users Leaked Following Breach

The forum dedicated to Check Point’s ZoneAlarm security product appears to have been breached and the details of the forum’s members have been leaked online.

Check Point says its ZoneAlarm product has been used by nearly 100 million users worldwide, but the incident only appears to impact a few thousand users. The ZoneAlarm forum has roughly 4,500 members, but Breach Report claims to have come across a file containing 5,175 leaked records.

The file contains email addresses, password hashes, dates of birth, and user IP addresses. The ZoneAlarm forum is powered by the vBulletin forum software and Breach Report suggested that hackers may have obtained the data after exporting CVE-2019-16759, a vBulletin vulnerability that was patched in late September.

The flaw had been exploited before the release of a patch and some claimed that its existence had been known for years.

Check Point representatives said the ZoneAlarm team contacted affected individuals within 24 hours of detecting the breach. The company is conducting an investigation into the incident and would not confirm that it involved exploitation of a vBulletin vulnerability.

The company said passwords “remain encrypted,” but advised users to change them “as a security measure.”

“It is important to stress that this website is isolated from any other of Check Point's websites and was used only by the registered ZoneAlarm forum subscribers. ZoneAlarm itself is one of our smallest product lines,” Check Point told SecurityWeek via email.

The ZoneAlarm forum is currently offline.

Related: 562,000 Impacted in XKCD Forum Data Breach

Related: Android Forums Suffers Data Breach

Related: Click2Mail Informs Users of Data Breach

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.