
Cyber Incident Victim: Comodo Group, Inc.

Date: Sep 2019

Location: United States of America

Summary

A cybersecurity breach impacted Comodo Forums after attackers exploited a vulnerability in the vBulletin software powering the platform, leading to unauthorized database access. The incident compromised account data belonging to over 170,000 users—representing more than half of the forum's user base—with the stolen information subsequently traded online. The organization acknowledged the intrusion through a security notice confirming potential exposure of user records.


Description

On or around September 29, 2019, an unauthorized actor breached the Comodo Forums by exploiting a vulnerability in the vBulletin software that powered the platform. This intrusion resulted in the theft of account data belonging to over 170,000 users, representing more than half of the forum's total user base. The stolen information subsequently appeared for sale on online trading platforms, exposing affected individuals to potential credential misuse and secondary attacks. Comodo publicly acknowledged the incident on October 1, 2019, through a security notice confirming that an intruder had potentially accessed the forum's database. While the company did not specify the exact timeline of vulnerability exploitation or data exfiltration, the breach's discovery coincided with broader awareness of security flaws in vBulletin systems during that period.


Comodo's response centered on notifying users about the potential compromise of their forum account credentials and personal information associated with their profiles. The company did not disclose whether additional remediation steps were taken beyond the security notice, such as forced password resets or detailed forensic analysis of the attack vector. The incident directly impacted the confidentiality of user data stored within the forum's database, though the extent of financial or operational damage to Comodo's broader infrastructure remained unspecified in available disclosures. The public exposure of stolen credentials increased risks for forum users who reused passwords across multiple services, creating potential secondary compromise scenarios beyond Comodo's systems. The breach underscored persistent security challenges associated with third-party forum software platforms widely used across the technology sector.
