Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked.
The admission came in a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, a popular forum software used by Comodo. The flaw, which requires little skill to exploit, allows an attacker to remotely run malicious code on a vulnerable forum. In this case, the exploit was used to dump the entire user database.
But despite claiming in its disclosure that it takes “security very seriously” and is its “highest priority,” the company didn’t immediately patch its forum software. Four days after the patches were released, its forum was hacked.
According to the disclosure, Comodo said the hackers stole usernames, names and email addresses, as well as the user’s last IP address used to access the forum. Some social media handles were also stolen in the breach.
Comodo said it has about 245,000 registered forum users.
It’s not the most damaging breach on record, but it’s a bruising security lapse for a company that claims to be half-decent at this stuff.
This is Comodo’s second security snafu this year following another breach involving an exposed password, which allowed a security researcher access to the company’s intranet — and access to internal files and documents.