Threat actors are distributing the private data of more than 170,000 Comodo Forums users on underground marketplaces. The data breach is the result of a recently disclosed remote code execution vulnerability affecting web forums running vBulletin software. Threat actors had been exploiting this zero-day for years until a researcher published it on a vBulletin security mailing list last week. In the absence of an official patch, another security researcher suggested a simple fix that involves nothing more than commenting out a vulnerable statement in the code. Since the publication of the critical flaw, which is very easy to exploit, attacks on forums have surged.
In a statement, Comodo said that its forums were attacked last Sunday by someone who exploited the vBulletin vulnerability. The firm described the result as “a potential data breach on the Comodo Forums.” The company has launched an investigation into the incident and is encouraging all users to change their passwords, although it mentioned that user passwords are stored in encrypted form.
Threat actors have already published a data dump on an underground forum that allegedly contains the data of over 170,000 Comodo Forums users. An investigation by BleepingComputer found that the compromised data includes, depending on what information the user has provided, the user ID, full name, country, IP address of the last login, encrypted password and its salt, birth date, security question, hashed security answer, registration date, messenger username, and total time logged in.
Read more: Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs