Comodo Forums Hack Exposes 245,000 Users’ Data — Recent vBulletin 0-day Used

If you have an account with the Comodo discussion board and support forums, also known as ITarian Forum, you should change your password immediately.

Cybersecurity company Comodo has become one of the major victims of a recently disclosed vBulletin 0-day vulnerability, exposing login account information of over nearly 245,000 users registered with the Comodo Forums websites.

In a brief security notice published earlier today, Comodo admitted the data breach, revealing that an unknown attacker exploited the vBulletin vulnerability (CVE-2019-16759) and potentially gained access to Comodo Forums database.

It’s worth noting that Comodo forum was hacked on September 29, almost four days after vBulletin developers released a patch to let administrators address the vulnerability, but the company failed to apply the patches on time.

As The Hacker News broke the news last week, an anonymous hacker publicly disclosed details of a critical then-unpatched vulnerability in vBulletin—one of the widely used internet forum software—which could have allowed remote attackers to execute arbitrary commands on the web server.

However, Comodo has not specified which of the company’s forums has been hacked out of the two separate forums it owns.

One the forums, “forums.comodo.com,” is hosted at Comodo’s own sub-domain and is powered by the different forum software, called Simple Machines Forum, and appears not to be impacted.

The second forum, which runs over the vBulletin software and has likely been hacked, is ITarian Forum hosted at “forum.itarian.com,” a discussion board where the company offers technical assistance to the users of its products.

What Type of Information Was Accessed?

The breached database contains forum users’ information, including:

• Login username
• Name
• Email address
• Hashed passwords
• Last IP address used to access the forums
• Some social media usernames in very limited situations.

The company became aware of the security breach over the weekend on September 29 morning, which suggests users registered on Comodo Forums until this Sunday are impacted by the breach.

“Very recently a new vulnerability in the vBulletin software, which is one of the most popular server applications for website comments including the Comodo Forums, was made public,” the company says.

“Over the weekend at 4:57 am ET on Sunday, September 29, 2019, we became aware that this security flaw in the vBulletin software had become exploited resulting in a potential data breach on the Comodo Forums.”

Immediately after detecting the security intrusion, the Comodo IT infrastructure team immediately took the forums offline in an attempt to mitigate the vBulletin exploit and applied the recommended security patches.

What Users Should Do Now?

If you have registered with Comodo Forums on or before September 29, you are highly recommended to immediately change the password for your forum account to a strong and unique one and for any other online account where you use the same credentials.

Although the account passwords were hashed in vBulletin for the Comodo Forum users, Comodo advises users to change their passwords as part of good password practices.

“We deeply regret any inconvenience or distress this vulnerability may have caused you, our users,” the company says.

“As members of our community of Comodo Forum users, we want to reassure you that we have put in place measures to ensure that vulnerabilities in third-party software, such as vBulletin, will be patched immediately when patches become available.”

Besides this, at the time of writing, the company has also temporarily disabled the registration for new users on the affected forums, The Hacker News confirmed.