Check Point, a prominent cybersecurity company, has officially confirmed that recent claims made on the dark web forum BreachForums regarding hacked data from the company are tied to a past incident that occurred in December 2024. The company has reassured customers that there are no ongoing security threats stemming from this event.
The post on BreachForums, authored by a user with the alias “CoreInjection,” alleged that sensitive Check Point data, including internal network maps, source code, and customer information, was up for sale. However, Check Point quickly responded to these claims, debunking them as exaggerated and recycled information from a prior security breach.
A spokesperson for Check Point provided details on the nature of the breach, explaining that it originated from the compromise of credentials linked to a portal account with limited access. This portal, the company clarified, did not have connections to critical systems or infrastructure, and the breach only affected three organizations, exposing limited data such as account names and product details.
The company emphasized that no confidential customer systems or employee credentials were compromised during the incident. Check Point labeled CoreInjection’s claims as misleading and stated that there are no security risks to customers or employees as a result of this old and isolated event.
The claims made by CoreInjection, including screenshots allegedly showing detailed customer contract information, were refuted by Check Point as false and exaggerated. The company clarified that the compromised portal did not provide access to such sensitive customer data and had internal safeguards in place to prevent further escalation of the breach.
While Check Point has provided assurances that there is no current risk to customers, questions remain about the timeline of the breach resolution and the origin of the compromised credentials. The company is conducting further investigations into the hacker’s claims and their motives, though no official public statement beyond the initial response has been made yet.
The emergence of CoreInjection’s claims underscores the persistent risks of misinformation in the cybersecurity space and the challenges companies face in managing breaches. Customers and industry experts eagerly await additional updates from Check Point to provide clarity and closure on this matter.
As the investigation progresses, it is essential for stakeholders to stay informed and remain vigilant regarding cybersecurity threats. Check Point plans to address any developments in due course to ensure transparency and maintain trust with its customers and the wider community.