Check Point confirms breach but says it was “old” data and crooks made “false” claims

An American-Israeli security firm claims that a digital burglar's claim to have stolen “highly sensitive” data from Check Point is a massive exaggeration. A cybercrime forum user who goes by the name CoreInjection advertised “a highly sensitive dataset” on Sunday evening. They claimed that this contained internal network diagrams and architectural plans, user credentials (including plaintext and hashed passwords), internal network maps, employee contact information, and proprietary source code.

Screenshots in the post seem to show CoreInjection within a Check Point admin (security management) portal, allegedly granting them the ability to change users’ passwords and two-factor authentication settings.

Check Point denies that there was ever any security risk for customers and employees. It claims the affected organizations were “updated” and the crim is merely recycling old data.

The Register asked Check Point for answers to a variety of questions. Check Point did not answer many. The vendor sent a short statement instead: “This is a very old, well-known, and pinpointed incident that involved only a handful of organizations and a portal which did not include customer’s systems, production architecture, or security architecture.

“This was handled months ago and did not include the description detailed on the dark forum message. These organizations were updated and handled at that time, and this is not more than the regular recycling of old information. We believe that at no point was there a security risk to Check Point, its customers, or employees.”

The vendor also posted a similar statement to its support page, adding that the break-in had affected only three organizations in December 2024. It stated that the breach was caused by the misuse of compromised credentials for a portal account, and that it did not include customer systems, production or security architecture.

Alon Gal, Hudson Rock’s CTO and co-founder, was one of many prominent industry figures who raised concerns about the criminal’s allegations.

Prior to the vendor’s reply, he stated the screenshots provided by the criminal

After Monday’s support page statement, Gal said: “To me, honestly, it leaves a lot of questions unanswered, but the scope of the breach is likely narrower than initially thought.”

Gal noted that CoreInjection’s admin panel view appeared to list over 120,000 accounts. Of these, 18,824 appeared to be active, paying customers. He said in an earlier post he wanted to “make sure people are not freaking out” and could “differentiate between what the hacker is saying they have access to (source code, passwords, sensitive projects), and what they show in the images,” and added: “This could end with a limited impact which does not affect customers or Check Point’s IP.”

Check Point informed The Register that it would not make any further comments. ®
