Cyber Security firm Comodo announced a data breach that affected approximately 245,000 registered users.
Comodo is a cyber security firm known for products such as Antivirus, Internet Security, Endpoint Security, and Website Security.
According to Comodo, the intrusion took place last weekend, at 4:57 am ET on Sunday, September 29, 2019.
Hackers exploited the recently disclosed vBulletin remote code execution flaw in the Comodo forums and exfiltrated users' personal information.
vBulletin is a forum software package based on MySQL and PHP; like other CMS packages, it is used to build Internet forums.
Last week a hacker publicly disclosed an RCE zero-day exploit for the vBulletin forum software that works on all versions from 5.0.0 through 5.5.4. An attacker could exploit this vulnerability by sending a malformed HTTP POST request to execute arbitrary code on the targeted forum.
vBulletin released a security patch to address the vulnerability on versions 5.5.2, 5.5.3, and 5.5.4. Users are advised to apply the patches immediately.
Comodo Forums Data Breach
An unknown attacker gained access to the Comodo forums database by exploiting the vBulletin vulnerability. The company is currently investigating to determine which data were accessed.
“User accounts on the forums contain information such as username, name, e-mail address, last IP used to access the forums and if used, potentially some social media usernames in very limited situations. All user passwords in the database were stored encrypted. Comodo forums currently have approximately 245,000 registered users,” reads the Comodo report.
As a good practice, Comodo recommends that users reset their login credentials.
Meanwhile, on a popular hacking forum, account data for 170,000 Comodo users was listed for sale; the advertisement states that the data was retrieved from the Comodo forums.
Bleeping Computer was able to verify the database, which contains mostly inactive Comodo user accounts. The following details are present:
- ID (unique identifier)
- Name (username)
- The IP address of the last login (IP address used at the last log in)
- Password (password and its modifier for the hash function)
- Security question (security question)
- Security answer (hashed answer to a security question)
- Registration date
- Messenger usernames (usernames in messengers)
- Total time logged in