Author Topic: Important Security Notice About Comodo Forums Accounts  (Read 12317 times)

Offline Shane

  • Product Group Manager
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 669
Important Security Notice About Comodo Forums Accounts
« on: September 30, 2019, 07:30:35 PM »
Important Security Notice About Comodo Forums Accounts

At Comodo, we take security very seriously and it is our highest priority. Very recently a new vulnerability in the vBulletin software, which is one of the most popular server applications for website comments including the Comodo Forums, was made public. Over the weekend at 4:57 am ET on Sunday September 29, 2019, we became aware that this security flaw in the vBulletin software had become exploited resulting in a potential data breach on the Comodo Forums.

Our IT infrastructure team immediately took steps to mitigate the exploit by taking the forums offline and applying the recommended patches.

Who has been affected and what data has been potentially accessed?

An unknown attacker exploited the recently discovered vBulletin vulnerability and potentially gained access to the forums database. Our investigations are ongoing to determine what data, if any, has been accessed. User accounts on the forums contain information such as username, name, e-mail address, last IP used to access the forums and if used, potentially some social media usernames in very limited situations. All user passwords in the database were stored encrypted. Comodo forums currently have approximately 245,000 registered users.

What should forum users do?

As a precautionary measure we recommend that forum users should immediately change their passwords and exercise good password practices such as strong random passwords and not share your passwords across different Internet accounts. The account passwords were encrypted in vBulletin for the Comodo Forum users, but a password change is recommended as part of good password practices.

We deeply regret any inconvenience or distress this vulnerability may have caused you, our users. As members of our community of Comodo Forum users we want to reassure you that we have put in place measures to ensure that vulnerabilities in third party software, such as vBulletin, will be patched immediately when patches become available
Please read the Forum Policy below before posting: 

http://forums.comodo.com/new_member_information/forum_policy-t1516.0.html

Offline Born

  • Comodo Member
  • **
  • Posts: 31
Re: Important Security Notice About Comodo Forums Accounts
« Reply #1 on: September 30, 2019, 07:39:54 PM »
Thanks for the update Shane.

Offline at2013

  • Newbie
  • *
  • Posts: 14
Re: Important Security Notice About Comodo Forums Accounts
« Reply #2 on: September 30, 2019, 09:33:35 PM »
I'm probably missing something here, but what exactly does vBulletin have to do with Comodo? This forum isn't on vBulletin, it's on Simple Machines Forum. On the other hand, the following forum hosted on Comodo.com is using vBulletin.

https://forum.comodo.com/

Did you mean to say someone got access to this forum's database by exploiting a vulnerability on the vBulletin based forum linked above?

Your own gmods contradict your statement of the site's supposed vBulletin reliance.

[at]giraffe. I reopened your topic and merged it with an already existing topic.

The topic at Wilders links the following article: https://translate.google.com/translate?hl=&sl=auto&tl=en&u=https%3A%2F%2Fwww.comss.ru%2Fpage.php%3Fid%3D6510 .

Please note that Comodo Forums is using Simple Machines Forum software and not vBulletin as moderator stapp states in error.

This is breaking news as a well known tv news station would call it. It means news will develop, possibly sometimes rapidly.
« Last Edit: September 30, 2019, 09:43:15 PM by at2013 »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25665
Re: Important Security Notice About Comodo Forums Accounts
« Reply #3 on: September 30, 2019, 09:42:23 PM »
Thank you for informing us and being proactive about it. :-TU

I'm probably missing something here, but what exactly does vBulletin have to do with Comodo? This forum isn't on vBulletin, it's on Simple Machines Forum. On the other hand, the following forum hosted on Comodo.com is using vBulletin.

https://forum.comodo.com/

Did you mean to say someone got access to this forum's database by exploiting a vulnerability on the vBulletin based forum linked above?
I noticed that as well. I think the breach happened with the Itarian Forums, also by Comodo, which use vBulletin software. Once there was access to the server(s) I guess there was also access to the database of Comodo Forums.

At the Itarian Forums there is a similar message about the compromise: https://forum.itarian.com/forum/products/37859-important-security-notice-about-itarian-forums-accounts .

Offline at2013

  • Newbie
  • *
  • Posts: 14
Re: Important Security Notice About Comodo Forums Accounts
« Reply #4 on: September 30, 2019, 09:48:44 PM »
Thank you for informing us and being proactive about it. :-TU
I noticed that as well. I think the breach happened with the Itarian Forums, also by Comodo, which use vBulletin software. Once there was access to the server(s) I guess there was also access to the database of Comodo Forums.

At the Itarian Forums there is a similar message about the compromise: https://forum.itarian.com/forum/products/37859-important-security-notice-about-itarian-forums-accounts .

Oof, makes sense. I used to work for IB years ago and know what vB looks like, even if it's hidden well. Yeah, breaches like that are a lot more common than people think. I had no idea Itarian was owned by Comodo. I changed my password for the email I used to register here and other Comodo products/sites. I was about to swap the password for this forum and other ones, too, when I saw this thread.

People assume security companies don't get breached. They do. Just as major Big N tech companies have. It's the wheel of life.

Online Eric Cryptid

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2613
  • Security Saskquatch
Re: Important Security Notice About Comodo Forums Accounts
« Reply #5 on: October 01, 2019, 02:10:58 AM »
Thanks for the update.

Eric

Moderator: Any concerns? PM me and/or review the Forum Policy
System: 64 bit Win 10
Realtime Protection:CIS 12

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 1130
Re: Important Security Notice About Comodo Forums Accounts
« Reply #6 on: October 01, 2019, 02:25:07 AM »
Thank you for informing us and being proactive about it. :-TU
I noticed that as well. I think the breach happened with the Itarian Forums, also by Comodo, which use vBulletin software. Once there was access to the server(s) I guess there was also access to the database of Comodo Forums.

vbulletin has its own SQL different from SMF's which is completely separate

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 313
  • Paranoid B#st#rd - CIA
Re: Important Security Notice About Comodo Forums Accounts
« Reply #7 on: October 01, 2019, 03:35:47 AM »
Quote from: Shane
All user passwords in the database were stored encrypted

Do you mean hashed instead of encrypted?
« Last Edit: October 01, 2019, 07:46:07 AM by ReeceN »
Some Comodo wallpapers by me
Wonders what John McAfee will do next.

Offline Huolsam

  • Newbie
  • *
  • Posts: 15
Re: Important Security Notice About Comodo Forums Accounts
« Reply #8 on: October 01, 2019, 07:52:50 AM »
is there any relation between SMF and vbulletin ???

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25665
Re: Important Security Notice About Comodo Forums Accounts
« Reply #9 on: October 01, 2019, 10:37:18 AM »
vbulletin has its own SQL different from SMF's which is completely separate
The vulnerability in vBulletin gave hackers full access to the server. From there they had full control and who knows how things moved from there. We don't know because we don't know the infrastructure.

This theory also gets suggested by this article on Bleeping Computer about the breach posted today: https://www.bleepingcomputer.com/news/security/comodo-forums-breached-data-of-over-170-000-users-up-for-grabs/

Offline Shane

  • Product Group Manager
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 669
Re: Important Security Notice About Comodo Forums Accounts
« Reply #10 on: October 01, 2019, 11:10:53 AM »
Hi All,

We have multiple forums running on both systems.

Even though Simple Machine Forums were not directly vulnerable or directly compromised, they reside on the same segmented zone of our infrastructure and the attackers were able to utilize the vBulliten attack to potentially access data from the Simple Machine Forums being on the same servers.

The servers were deliberately segmented into security zones and no other systems were accessible.
Please read the Forum Policy below before posting: 

http://forums.comodo.com/new_member_information/forum_policy-t1516.0.html

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25665
Re: Important Security Notice About Comodo Forums Accounts
« Reply #11 on: October 01, 2019, 11:40:14 AM »
Thank you for the clarification, Shane. :-TU

Could you explain what you mean with We have multiple forums running on both systems? Both systems being SMF and vBulletin? What other forums besides Itarian and Comodo Forums does Comodo have?

Offline Shane

  • Product Group Manager
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 669
Re: Important Security Notice About Comodo Forums Accounts
« Reply #12 on: October 01, 2019, 11:48:39 AM »
Thank you for the clarification, Shane. :-TU

Could you explain what you mean with We have multiple forums running on both systems? Both systems being SMF and vBulletin? What other forums besides Itarian and Comodo Forums does Comodo have?

Ok, I'll address each:

1. Could you explain what you mean with We have multiple forums running on both systems?

A. We run both SMF and vBulletin for our different forums.

2. Both systems being SMF and vBulletin?

A. Yes.

3. What other forums besides Itarian and Comodo Forums does Comodo have?

Those are the main two. We have some smaller ones not yet really used for infant and upcoming projects.

Hope this clarifies the situation.

Thanks,
Shane.
Please read the Forum Policy below before posting: 

http://forums.comodo.com/new_member_information/forum_policy-t1516.0.html

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 1130
Re: Important Security Notice About Comodo Forums Accounts
« Reply #13 on: October 01, 2019, 12:06:26 PM »
Thank you Shane,

It's very clear to me
- VB has its SQL database
- SMF also has its own SQL database
VB hacking does not necessarily include SMF so the Comodo forum

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25665
Re: Important Security Notice About Comodo Forums Accounts
« Reply #14 on: October 01, 2019, 02:26:11 PM »
Thank you for clearing up. :)

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek