Cybersecurity firm Comodo is urging users of its ITarian Forum to change their passwords immediately following a significant data breach involving the exploitation of a vBulletin vulnerability. This incident has reportedly compromised the login credentials of nearly 245,000 registered users of the forum.

On September 29, an attacker leveraged a long-known vulnerability in the vBulletin software, identified as CVE-2019-16759, which enabled unauthorized access to the Comodo Forums database. Comodo publicly acknowledged the breach in a security notice that emphasized the seriousness of the situation and the urgency for users to take precautionary measures.

Significantly, the hack occurred just days after vBulletin developers released a patch. Comodo’s failure to implement this essential security update in a timely manner has raised concerns regarding its cybersecurity protocols. While it remains unclear which specific forum was compromised, the ITarian Forum, hosted at “forum.itarian.com,” is the likely target as it utilizes the vulnerable vBulletin software. In contrast, Comodo’s other forum, “forums.comodo.com,” operates on Simple Machines Forum software and appears unaffected by this incident.

The breached database contains sensitive user information, including usernames, names, email addresses, hashed passwords, last login IP addresses, and occasionally linked social media usernames. This breadth of exposed data indicates a severe risk for users who may have reused passwords across different platforms, potentially leading to further compromises.

Comodo first became aware of the breach early on September 29, leading to the immediate deactivation of the affected forums. The company acted quickly to mitigate further damage by applying the recommended security patches to the vulnerable software.

Users who registered on the Comodo Forums prior to September 29 are strongly advised to change their passwords to unique and robust alternatives, particularly if they have used the same credentials elsewhere. Although the passwords were hashed, Comodo’s advisory reinforces standard best practices for password security.

In its notice, Comodo expressed regret over the inconvenience caused to its user community and committed to taking stronger measures to ensure timely updates for vulnerabilities in third-party software in the future. Currently, registration for new users on the affected forums has been temporarily halted, as the company works to reinforce its security protocols.

This incident underscores the risks associated with using outdated software and highlights the importance of maintaining vigilance regarding cybersecurity vulnerabilities. In MITRE ATT&CK terms, the breach likely involved the Initial Access tactic, achieved by exploiting a vulnerability in an externally exposed application. Businesses should remain alert to such risks and ensure that their systems are consistently updated and monitored.

In light of the incident, it is imperative for organizations to actively manage their cybersecurity postures, particularly amidst rising threats targeting users across various online platforms. Cybersecurity remains a critical focus area for business owners who must safeguard both company and customer data against emerging attacks.
