An anonymous researcher recently released a zero-day exploit for the popular Internet forum software vBulletin. Cybersecurity company Comodo has now announced that its own forum has been hacked.
Ironically, news of the hack came in a forum post confirming that a hacker had exploited the vBulletin vulnerability to gain access to the cybersecurity giant's forum database.
Exploiting the vulnerability requires only limited knowledge. An attacker could use it to remotely execute malicious code on a vulnerable forum.
In this case, the attacker used the exploit to steal information such as usernames and email addresses from the user database of the Comodo forum.
The exploit code for the vBulletin vulnerability was released on September 23, and two days later, the company released patches for its forum software.
Despite claiming that the disclosure was "very serious," Comodo was unable to patch the forum software immediately and the forum was hacked four days after the patches were released.
In its release, Comodo gave more detail about what information the attackers could have obtained in the hack:
"An unknown attacker exploited the recently discovered vBulletin vulnerability and may have gained access to the forum database. Our research is underway to determine what data has been accessed. Forums user accounts include information such as username, name, email address, last IP address used to access the forums, and, if used, some social media usernames in very limited situations. All user passwords in the database were stored encrypted. There are currently about 245,000 users registered in the Comodo Forums."
There have certainly been more serious data breaches, but this one is particularly embarrassing because Comodo, as a cybersecurity firm, should know better than to delay installing the latest security patches.