Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Data of ZoneAlarm Forum Users Leaked Following Breach

The forum dedicated to Check Point’s ZoneAlarm security product appears to have been breached and the details of the forum’s members have been leaked online.

The forum dedicated to Check Point’s ZoneAlarm security product appears to have been breached and the details of the forum’s members have been leaked online.

Check Point says its ZoneAlarm product has been used by nearly 100 million users worldwide, but the incident only appears to impact a few thousand users. The ZoneAlarm forum has roughly 4,500 members, but Breach Report claims to have come across a file containing 5,175 leaked records.

The file contains email addresses, password hashes, dates of birth, and user IP addresses. The ZoneAlarm forum is powered by the vBulletin forum software and Breach Report suggested that hackers may have obtained the data after exporting CVE-2019-16759, a vBulletin vulnerability that was patched in late September.

The flaw had been exploited before the release of a patch and some claimed that its existence had been known for years.

Check Point representatives said the ZoneAlarm team contacted affected individuals within 24 hours of detecting the breach. The company is conducting an investigation into the incident and would not confirm that it involved exploitation of a vBulletin vulnerability.

The company said passwords “remain encrypted,” but advised users to change them “as a security measure.”

“It is important to stress that this website is isolated from any other of Check Point’s websites and was used only by the registered ZoneAlarm forum subscribers. ZoneAlarm itself is one of our smallest product lines,” Check Point told SecurityWeek via email.

The ZoneAlarm forum is currently offline.

Advertisement. Scroll to continue reading.

Related: 562,000 Impacted in XKCD Forum Data Breach

Related: Android Forums Suffers Data Breach

Related: Click2Mail Informs Users of Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...