More than 170,000 users of online forums operated by cybersecurity company Comodo Group reportedly had their data stolen by a malicious actor who exploited a recently disclosed vulnerability in vBulletin's internet forum software.
The Clifton, N.J.-based Comodo learned of the attack on September 29, and responded by taking its forums offline and applying patches, the company announced yesterday on its main Comodo forum.
Although Comodo said that its forums database was only "potentially" accessed, BleepingComputer reported today that an unnamed website is selling a data dump containing information pertaining to over 170,000 Comodo Forums users. The seller reportedly claims the data was lifted from Comodo's main discussion website, and that the passwords contained within were hashed with an insecure MD5 algorithm. (Comodo stated in its security notice that all user passwords are stored encrypted, but the algorithm was not specified.)
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.