Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Data of ZoneAlarm Forum Users Leaked Following Breach

The forum dedicated to Check Point’s ZoneAlarm security product appears to have been breached and the details of the forum’s members have been leaked online.

The forum dedicated to Check Point’s ZoneAlarm security product appears to have been breached and the details of the forum’s members have been leaked online.

Check Point says its ZoneAlarm product has been used by nearly 100 million users worldwide, but the incident only appears to impact a few thousand users. The ZoneAlarm forum has roughly 4,500 members, but Breach Report claims to have come across a file containing 5,175 leaked records.

The file contains email addresses, password hashes, dates of birth, and user IP addresses. The ZoneAlarm forum is powered by the vBulletin forum software and Breach Report suggested that hackers may have obtained the data after exporting CVE-2019-16759, a vBulletin vulnerability that was patched in late September.

The flaw had been exploited before the release of a patch and some claimed that its existence had been known for years.

Check Point representatives said the ZoneAlarm team contacted affected individuals within 24 hours of detecting the breach. The company is conducting an investigation into the incident and would not confirm that it involved exploitation of a vBulletin vulnerability.

The company said passwords “remain encrypted,” but advised users to change them “as a security measure.”

“It is important to stress that this website is isolated from any other of Check Point’s websites and was used only by the registered ZoneAlarm forum subscribers. ZoneAlarm itself is one of our smallest product lines,” Check Point told SecurityWeek via email.

The ZoneAlarm forum is currently offline.

Related: 562,000 Impacted in XKCD Forum Data Breach

Related: Android Forums Suffers Data Breach

Related: Click2Mail Informs Users of Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.