[BreachExchange] Data of ZoneAlarm Forum Users Leaked Following Breach

[Destry Winant]

https://www.securityweek.com/data-zonealarm-forum-users-leaked-following-breach

The forum dedicated to Check Point’s ZoneAlarm security product
appears to have been breached and the details of the forum’s members
have been leaked online.

Check Point says its ZoneAlarm product has been used by nearly 100
million users worldwide, but the incident only appears to impact a few
thousand users. The ZoneAlarm forum has roughly 4,500 members, but
Breach Report claims to have come across a file containing 5,175
leaked records.

The file contains email addresses, password hashes, dates of birth,
and user IP addresses. The ZoneAlarm forum is powered by the vBulletin
forum software and Breach Report suggested that hackers may have
obtained the data after exporting CVE-2019-16759, a vBulletin
vulnerability that was patched in late September.

The flaw had been exploited before the release of a patch and some
claimed that its existence had been known for years.

Check Point representatives said the ZoneAlarm team contacted affected
individuals within 24 hours of detecting the breach. The company is
conducting an investigation into the incident and would not confirm
that it involved exploitation of a vBulletin vulnerability.

The company said passwords “remain encrypted,” but advised users to
change them “as a security measure.”

“It is important to stress that this website is isolated from any
other of Check Point's websites and was used only by the registered
ZoneAlarm forum subscribers. ZoneAlarm itself is one of our smallest
product lines,” Check Point told SecurityWeek via email.

The ZoneAlarm forum is currently offline.