October 1, 2019

Security Firm Comodo Hacked, as vBulletin Exploit Spawns

Businesses need to urgently patch this vulnerability

By CBR Staff Writer

Cybersecurity firm Comodo (slogan: “creating trust online”) says hackers exploited a new vulnerability in its user forum to steal the personal data of 245,000 users.

New Jersey-based (but UK-founded) Comodo is a freemium provider of endpoint protection. It said the attack vector was a new vulnerability, or zero day, in vBulletin, a widely used server application for website comment forums.

The zero day was dumped on the SecLists security forum on September 23, with the exploit developer declining to go down a “responsible disclosure” route.

Another security researcher rapidly followed its publication with a script that scans the internet for vBulletin forums vulnerable to the zero day.

Comodo is unlikely to be the sole company affected: hackers are widely reported to be using the vulnerability to help bolster their botnets.

When Computer Business Review contacted Comodo’s own end-user patch management/technical support team, Comodo One, we were told: “We aren’t [sic] notified about the breach until now”.

Comodo Hacked: Emails, Names, etc. Leaked

Meanwhile, in an alert to users published Monday, Shane McGillian, product group manager for Comodo, wrote: “Our investigations are ongoing to determine what data, if any, has been accessed. User accounts on the forums contain information such as username, name, e-mail address, last IP used to access the forums and if used, potentially some social media usernames in very limited situations.”

Comodo is advising all of its users to immediately change their passwords.

vBulletin has patched the vulnerability. Enterprise security teams can access the patch here. All vBulletin Cloud sites have already been patched.

The vulnerability that gave the attackers access was located in vBulletin, a popular server application for website comment forums.

A vulnerability in vBulletin is manna from heaven for hackers, as the software is known to be used by organisations such as NASA, games publisher EA and games distribution platform Steam. Following the public disclosure, Chaouki Bekrar, the CEO of Zerodium, a zero-day exploits market platform, said the “bugdoor” had been circulating in the exploit community for three years.

Comodo One’s team told us: “As far as our company is concerned none of our servers have been breached. Also we aren’t notified about the breach until now.”

Comodo itself said: “We deeply regret any inconvenience or distress this vulnerability may have caused you, our users.

“As members of our community of Comodo Forum users we want to reassure you that we have put in place measures to ensure that vulnerabilities in third party software, such as vBulletin, will be patched immediately when patches become available.”
