Checkpoint’s Zone Alarm Suffers Breach Of 4,500 Subscribers’ Data

ZoneAlarm, a security firm owned by Check Point that offers security solutions to PC users worldwide, recently suffered an unauthorised intrusion into one of its web domains that compromised names, email addresses, hashed passwords, and date of births of up to 4,500 users.

Upon contacting the security firm, The Hacker News learned that “attackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorised access”.

It also learned that the firm was running an outdated 5.4.4 version of the vBulletin software that contained a zero-day vulnerability that was revealed by a hacker in September this year and which was exploited by hackers to hack into the Comodo forum website and access login information of 245,000 users

TEISS has covered the story here: https://www.teiss.co.uk/zonealarm-data-breach/