Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked.
The admission came in at least a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, popular forum software used by Comodo. The flaw, which requires little skill to exploit, allows an attacker to remotely run malicious code on a vulnerable forum. In this case, the exploit was used to dump the entire user database.
But despite claiming in its disclosure that it takes “security very seriously” and is its “highest priority,” the company didn’t immediately patch its forum software. Four days after the patches were released, its forum was hacked.
According to the disclosure, Comodo said the hackers stole usernames, names and email addresses, and the user’s last IP address used to access the forum. Some social media handles were also stolen in the breach.
Comodo said it has about 245,000 registered forum users.
It’s not the most damaging breach on record but it’s a bruising security lapse for a company that claims to be half-decent at this stuff.
This is Comodo’s second security snafu this year following another breach involving an exposed password, which allowed a security researcher access to the company’s intranet — and access to internal files and documents.