ZONEALARM (PART OF CHECK POINT) HAS BEEN BREACHED!


UPDATE 13.11.2019

We received comments from Check Point’s ZoneAlarm stating that they detected the breach within 24h and notified the affected users, asking subscribers to change their passwords as a security measure. A company representative also stated that the index from this forum’s website is separate from any other company’s servers and stressed that the website is isolated from any other of the company’s websites and was used only by the registered subscribers. ZoneAlarm is conducting an investigation into the matter.

Check Point, which bills itself as the leader in cybersecurity solutions, has been breached. Data records of over 5k ZoneAlarm forum users have been hacked.  

Check Point, arguably the biggest cybersecurity company in the world, has acquired several other companies, and ZoneAlarm is one of them. Check Point acquired it in March 2004. ZoneAlarm (slogan: "Keeping you safe is what we do best") provides firewalls and antivirus products, and it is ironic that they have been hacked themselves.

Check Point’s main business is to provide cybersecurity solutions and keep its customers safe. But can the company keep its customers safe if it can’t even keep its own sites secure?

A file containing 5175 unique records allegedly belonging to ZoneAlarm was found today. It contained emails, hashed passwords, birth dates and IPs of ZoneAlarm forum users. At the time of writing this press release, neither Check Point nor ZoneAlarm had responded to our emails. There has been no public admission of the breach by either Check Point or ZoneAlarm.

The hacker could have exploited the CVE-2019-16759 vulnerability. This vulnerability allows attackers without an account on the target forum to execute shell commands on a server running vBulletin. CVE-2019-16759 is thus a remote code execution vulnerability that does not require authentication.

But despite claiming security to be its highest priority, Check Point failed to patch its forum software several weeks after vBulletin developers released patches for the CVE-2019-16759 vulnerability. This vulnerability was reported on September 24, 2019, and patches were released two days later, on September 26, 2019. If the claims that the hacker could have used this vulnerability are true, where has the leading cybersecurity solutions company been for over 40 days?

It may not be the most bruising data breach on record. However, it is a bruising security failure for a company that claims to be the leader in cybersecurity solutions.

The General Data Protection Regulation (GDPR) requires companies to notify their customers and report data breaches to the relevant Data Protection Authority (DPA) within 72 hours of becoming aware of the breach. Well, the 72 hours are not over yet, and we shall see what action Check Point or ZoneAlarm will take.

 

We have updated our database with the leaked records, so if you are a client of ZoneAlarm, you can use our free search to find out whether your account was compromised.