Cybersecurity Company Check Point’s ZoneAlarm Forum Hacked – Attackers Exploited Patched vBulletin 0-Day Flaw

ZoneAlarm forums have been breached, more than 5k users’ details record has been exposed. The details include customers with personal information and IP address.

The ZoneAlarm is an internet security company that offers antivirus and firewall products, the company was acquired by Check Point in March 2004.

ZoneAlarm Forum Hacked

The forum was hacked using patched vBulletin 0-Day vulnerability(CVE-2019-16759) that reported on September 24, 2019. The vBulletin is one of the most popular and widely used forum software which is written in PHP.

VBulletin fixed the vulnerability in two days, on September 26, 2019, the company released patches, it affects versions from 5.0.0 till 5.5.4.

vBulletin is a forum software package based on MySQL and PHP, like other CMS this package used to build Internet forums.

The vulnerability can be exploited by the attacker sending a specially crafted HTTP POST request to execute the arbitrary code in the targeted forum.

This incident occurred due to the lack of patch management. It is a surprise that a leading security company itself running an outdated version of the forum software.

According to the breach report, the file containing 5175 unique records allegedly belonging to ZoneAlarm was found today in public forums.

The exposed data includes hashed passwords, birth dates, and IPs of ZoneAlarm forum users. The company confirms that around 4,500 subscribers with website “forums.zonealarm.com” were affected by the incident.

At the time of writing the website is not active and the company working on it to fix the issue. Users of the forum are recommended to reset the login credentials.

This is not the first time hackers using vBulletin 0-Day to hack forums, earlier another Cybersecurity firm Comodo Security Solutions forum has been hacked using the same exploit.

You can follow us on Linkedin, Twitter, Facebook for daily Cyber Security and hacking news updates.