ZoneAlarm Faces Data Breach, User Information Compromised
ZoneAlarm, a prominent internet security software company owned by Check Point Technologies, has confirmed a significant data breach affecting users of its discussion forum. The incident, which was reported by The Hacker News, has led to the exposure of sensitive information belonging to forum members.
With nearly 100 million downloads, ZoneAlarm offers a suite of security solutions, including antivirus software and firewalls, to home users, small businesses, and mobile device owners worldwide. Despite the potential scale of the breach, ZoneAlarm and Check Point have yet to provide comprehensive public details regarding the incident. However, affected users were notified via email over the weekend of unauthorized access to their names, email addresses, hashed passwords, and dates of birth.
The breach specifically impacts users registered on the “forums.zonealarm.com” domain, representing a relatively small segment of their user base, with about 4,500 registered accounts. In their communication, ZoneAlarm emphasized that this forum operates independently from their primary website, suggesting that the exposure is limited to this isolated platform.
As a precautionary measure, users have been advised to change their passwords promptly. ZoneAlarm noted that the forum would remain inactive until the issue is resolved, with users required to reset their passwords before re-accessing the site.
According to a spokesperson for ZoneAlarm, attackers exploited a known remote code execution vulnerability (CVE-2019-16759) in the vBulletin forum software, which affects versions 5.0.0 through the latest, 5.5.4. It has come to light that ZoneAlarm was still running an outdated version of the software (5.4.4) until recently, which allowed for an easier breach.
The same vulnerability has been linked to other cybersecurity incidents, including an attack on the Comodo forum that compromised the login data of approximately 245,000 users. While the ZoneAlarm team became aware of the breach only last week, the timeline of the attack remains unclear, raising concerns over the potential duration of unauthorized access.
The company is currently conducting a thorough investigation into the breach. ZoneAlarm’s proactive response, notifying affected users within 24 hours of discovering the incident, reflects a commitment to transparency and user security.
As the forum remains offline at the time of this reporting, users cannot change their forum passwords directly. Affected individuals are urged to change the password on any other accounts that use the same credentials to mitigate the risk of further breaches.
Given the nature of this attack, it is essential to consider the tactics potentially utilized, as outlined in the MITRE ATT&CK framework. The techniques likely employed include initial access via the exploited vulnerability, as well as persistence tactics to maintain unauthorized access to the platform. As the cybersecurity landscape evolves, incidents like this serve as a crucial reminder for businesses to remain vigilant about their online security practices in an increasingly digital world.