vBulletin zero-day used to leak data of 245,000 Comodo forum users

Security software maker Comodo admitted that it suffered a data breach due to the vBulletin CVE-2019-16759 vulnerability

Comodo failed to patch the vBulletin flaw on time, which resulted in the exposure of hundreds of thousands of ITarian forum users' data

The Comodo discussion forum, also known as ITarian, recently suffered a huge data breach that led to the exposure of around 245,000 users' personal details. People who have been searching on the Comodo discussion boards are strongly encouraged to change their old passwords to strong new ones.

Security researchers have found that the well-known vBulletin zero-day flaw[1] was used to compromise Comodo forum users' personal data that is entered when logging into online accounts. The bug (CVE-2019-16759), which allowed gaining access to a targeted system by launching malicious code remotely, was patched four days prior to the ITarian compromise,[2] and Comodo failed to take care of the flaw on time.

The company operates two separate forums – forum.itarian.com and forums.comodo.com. Although the company did not disclose which of the public boards was affected, it is likely that the latter was not impacted by the hack, as it runs on Simple Machines Forum software on Comodo's sub-domain.

Exposed data of 245,000 people included log-in information

According to the company, the Comodo forum data breach, which took place on the 29th of September, involved the exposure of personal information of hundreds of thousands of people.[3] Comodo claims to have taken the hacked forums out. In the published notification, the company stated that the breached database consisted of user account log-in details, including:

  1. Real name;
  2. The username used for posting in forums;
  3. Email address;
  4. Hashed password;
  5. The most recent IP addresses used to visit the forums;
  6. Some other usernames from other social media platforms (in some cases only).[4]

The company claims that cybersecurity is its first priority and that it is taking this incident seriously. Comodo also promises to inform all users if any personal data is discovered to have been accessed in any way:[5]

An unknown attacker exploited the recently discovered vBulletin vulnerability and potentially gained access to the forums database. Our investigations are ongoing to determine what data, if any, has been accessed.

ITarian forum users should change their account passwords immediately

Security breaches happen all the time, and it is the companies' responsibility to make sure that user data is secured (on time). Comodo is a well-known security software maker, so failing to patch the vBulletin vulnerability before the hack occurred is a major failing. However, we must give credit because the passwords were hashed, which essentially protects users from the exposure. Regardless, the real names of registered users were breached.

Changing old passwords to more complex ones is every user's responsibility now. If you have an account on the Comodo ITarian forum, you should hurry up and change your password to avoid possible data exposure by bad actors in the future.

Our recommendation would be to think of passwords that do not have any association with you and to add some numbers and symbols to them. If you think that you might forget the password that you have generated, you should write it down somewhere where it can be reached only by you, and preferably not on your computer, in case any type of cyber attack occurs in the future and manages to steal some of your data directly from the machine.

Comodo has not only urged all users to generate new passwords, but also stated that registration for new forum participants who want to connect to the hacked forum.itarian.com platform is disabled until all the issues have been tackled by the experts.

About the author
Gabriel E. Hall

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
