Comodo, a New Jersey-based freemium provider of endpoint protection, is the latest victim of a data breach.
In a brief security notice, the company confirmed the breach and revealed that an unknown attacker exploited the vBulletin vulnerability (CVE-2019-16759) and gained access to its Forums database.
According to Bleeping Computer, the bug in vBulletin is critical because it’s easy to leverage. Although details were made public last week, exploit brokers had known about it for three years.
It’s also worth noting that this is not the first time the Comodo forum has been hacked. The Hacker News reports that the forum was hacked on September 29 “almost four days after vBulletin developers released a patch to let administrators address the vulnerability, but the company failed to apply the patches on time.”
According to the security notice, the information accessed includes usernames, names, email addresses, hashed passwords, the last IP address used to access the forums and, in very limited situations, some social media usernames.
Though the passwords were hashed, users are urged to change them as a precautionary measure, especially those who registered for Comodo Forums on or before September 29.