ZoneAlarm forum site hack exposed data of thousands of users

In a truly embarrassing incident, the ZoneAlarm forum site has suffered a data breach that exposed the data of its discussion forum users.

ZoneAlarm, the popular security software firm owned by Check Point Technologies, has suffered a data breach. According to the post published by The Hacker News, the security breach exposed the data of ZoneAlarm discussion forum users.

The ZoneAlarm suite includes antivirus software and firewall solutions for end users and small organizations; it has nearly 100 million downloads.

“Though neither ZoneAlarm or its parent company Check Point has yet publicly disclosed the security incident, the company quietly sent an alert via email to all affected users over this weekend, The Hacker News learned.” reads the post published by The Hacker News.

The company sent a data breach notification email to forum users urging them to change their forum account passwords. At the time of writing, it is unclear when the attackers compromised the ZoneAlarm forum. The message revealed that attackers gained unauthorized access to forum members' data, including names, email addresses, hashed passwords, and dates of birth.

The good news is that the number of affected members is relatively small: the incident only impacted the “” domain, which has roughly 4,500 subscribers.

“This is a separate website from any other website we have and used only by a small number of subscribers who registered to this specific forum,” reads the data breach notification message. “The website became inactive in order to fix the problem and will resume as soon as it is fixed. You will be requested to reset your password once joining the forum.”

The incident is embarrassing because it was caused by a lack of patch management for the impacted forum. A company spokesperson told The Hacker News that attackers exploited the CVE-2019-16759 remote code execution vulnerability in the vBulletin forum software.

In September, an anonymous hacker disclosed technical details and proof-of-concept exploit code for a critical zero-day remote code execution flaw in vBulletin. The issue could be exploited remotely by an unauthenticated attacker. The PoC exploit published by the hacker works on vBulletin versions 5.0.0 through the latest, 5.5.4, and the ZoneAlarm forum was running version 5.4.4.

The zero-day flaw resides in the way an internal widget file of the forum software package accepts configurations via URL parameters. The expert discovered that the package fails to validate these parameters, so an attacker could exploit the flaw to inject commands and remotely execute code on the vulnerable install.

Another security firm suffered a data breach due to the CVE-2019-16759 remote code execution vulnerability. In October, hackers breached the ITarian Forum, the Comodo discussion board and support forum, accessing login credentials of nearly 245,000 users registered with the Comodo Forums websites.

ZoneAlarm immediately launched an investigation into the incident and took down the forum website.

Pierluigi Paganini

November 13, 2019
