ZoneAlarm, an internet security software company owned by Israeli cybersecurity firm Check Point Technologies, was affected by a data breach that exposed its discussion forum users' data.
ZoneAlarm, which has around 100 million downloads, provides antivirus software, firewall, and additional virus protection solutions for home PC users, small businesses, and mobile phones worldwide.
Neither ZoneAlarm nor its parent company Check Point has publicly disclosed the security incident, but the company sent an email alert to all affected users this weekend.
According to the email notification, all ZoneAlarm forum users are advised to change their forum account passwords immediately. Users were also informed that the hackers gained unauthorized access to their names, email addresses, hashed passwords, and dates of birth.
The notification also states that the security incident only affected users registered with the “forums.zonealarm.com” domain, which has a small number of subscribers, around 4,500. The forum is separate from the company's other websites and is used only by the small number of subscribers who registered for this specific forum.
The website was taken offline to fix the issue and will resume once it is fixed. Users must reset their password after joining the forum.
vBulletin 0-Day Flaw Exploited
A company spokesperson confirmed that the hackers exploited a known critical RCE vulnerability (CVE-2019-16759) in the vBulletin forum software to compromise ZoneAlarm’s website and gain unauthorized access.
This vulnerability affected vBulletin versions 5.0.0 through the latest 5.5.4. The project maintainers released patches, but only for the recent versions 5.5.2, 5.5.3, and 5.5.4.
The company was found to be running the outdated vBulletin version 5.4.4 until last week, which enabled the attackers to compromise the website easily.
This zero-day vBulletin exploit was publicly disclosed by an anonymous hacker in late September. When exploited, the flaw could let remote attackers take full control of unpatched vBulletin installations.
The ZoneAlarm team learned of the breach only late last week and immediately informed affected users. However, it was not certain when the attackers actually breached the website.
According to the spokesperson, ZoneAlarm is conducting an investigation into the incident. The company claims to have taken a proactive approach after detecting the incident and to have alerted forum members within 24 hours.
Affected users are strongly advised to change their passwords for any other online accounts where the same credentials are used, and to change their password on the ZoneForum website as well once the site is back online.