Important Security Notice About Comodo Forums Accounts
At Comodo, we take security very seriously and it is our highest priority. Very recently, a new vulnerability in the vBulletin software, which is one of the most popular server applications for website comments, including on the Comodo Forums, was made public. Over the weekend, at 4:57 am ET on Sunday, September 29, 2019, we became aware that this security flaw in the vBulletin software had been exploited, resulting in a potential data breach on the Comodo Forums.
Our IT infrastructure team immediately took steps to mitigate the exploit by taking the forums offline and applying the recommended patches.
Who has been affected and what data has been potentially accessed?
An unknown attacker exploited the recently discovered vBulletin vulnerability and potentially gained access to the forums database. Our investigations are ongoing to determine what data, if any, has been accessed. User accounts on the forums contain information such as username, name, e-mail address, last IP used to access the forums and, if used, potentially some social media usernames in very limited situations. All user passwords in the database were stored encrypted. The Comodo Forums currently have approximately 245,000 registered users.
What should forum users do?
As a precautionary measure, we recommend that forum users immediately change their passwords and exercise good password practices, such as using strong random passwords and not sharing passwords across different Internet accounts. The account passwords were encrypted in vBulletin for the Comodo Forum users, but a password change is recommended as part of good password practices.
We deeply regret any inconvenience or distress this vulnerability may have caused you, our users. As members of our community of Comodo Forum users, we want to reassure you that we have put in place measures to ensure that vulnerabilities in third-party software, such as vBulletin, will be patched immediately when patches become available.