A digital burglar is claiming to have nabbed a trove of "highly sensitive" data from Check Point - something the American-Israeli security biz claims is a huge exaggeration.
A cybercrime forum user going by the name CoreInjection advertised "a highly sensitive dataset" allegedly comprised of Check Point files on Sunday evening. They claimed this contained internal network maps and architectural diagrams, user credentials (including hashed and plaintext passwords), employee contact information, and proprietary source code.
Screenshots shared in the post appear to show CoreInjection inside a Check Point admin Infinity (security management) portal, supposedly granting themselves the ability to change users' two-factor authentication settings.
Check Point denies there was ever a security risk to customers and employees, claiming the orgs affected were "updated" at the time, and the crim was merely recycling old information.
The Register contacted Check Point for answers to various questions, many of which it did not respond to. The vendor instead sent over a brief statement: "This is an old, known, and very pinpointed event which involved only a few organizations and a portal that does not include customers' systems, production, or security architecture.
"This was handled months ago and did not include the description detailed on the dark forum message. These organizations were updated and handled at that time, and this is not more than the regular recycling of old...
By Matthew Knott and Nick Bonyhady April 19, 2025 — 5.54pm , register or subscribe to save articles for later. Save articles for later Add articles to your saved list and come back to them any tim...