Cybersecurity giant Check Point has confirmed that a recent post on a notorious dark web forum, BreachForums, attempting to sell allegedly hacked data from the company, relates to an “old, known, and pinpointed event.”
The incident, according to Check Point, occurred in December 2024 and was thoroughly addressed at the time, with no ongoing security implications for the company or its customers.
The BreachForums post, created on March 30, 2025, by a user with the alias “CoreInjection,” claimed to possess sensitive Check Point data, reportedly including internal network maps, source code, and customer details.
.png
)
However, Check Point swiftly responded to these claims, discrediting the post as exaggerated, recycled information from a past security event.
The Nature of the Breach
According to a company spokesperson, the event originated in December 2024, stemming from the compromise of credentials tied to a portal account with limited access.
This portal, Check Point clarified, does not connect to any customer systems, production architecture, or critical security infrastructures.
The breach affected only three organizations, revealing limited data such as account names, product details, customer contact names, and a handful of employee email addresses.
No confidential customer systems or employee credentials were exposed, the company assured.
“CoreInjection’s claims represent a significant mischaracterization of the incident,” Check Point’s official statement read. “
There are no security implications or risks to Check Point customers or employees. This was an isolated, minor event, fully remediated months ago.”
Misinformation in the Hacker’s Claims
CoreInjection’s post included screenshots that purportedly showed an admin dashboard containing what appeared to be data on over 120,000 accounts, including 18,864 paying customers with detailed contract information stretching into 2031.
These claims, Check Point stated, were “false and exaggerated.” The company clarified that the portal involved in the December breach did not offer administrative-level privileges or access to such sensitive customer data.
Check Point added that the portal in question had robust internal mitigations in place, which prevented the breach from escalating into a more severe security incident.
The company did not comment directly on how CoreInjection obtained the compromised credentials but hinted at the possibility of phishing or credential-stealing malware like infostealers being involved.
Pending Clarifications and Further Action
The incident has triggered follow-up questions for Check Point, ranging from the exact timeline of the breach’s resolution to the origin of the compromised credentials.
While the company has assured customers that there is no risk, further investigation into the hacker’s claims and their possible motivations continues.
Check Point has not yet committed to making an official public statement beyond its initial response but may do so in the coming days to “calm the waters,” especially given the circulation of screenshots allegedly tied to the company’s databases.
While Check Point has provided reassurances that the incident is an outdated and inconsequential event, the emergence of CoreInjection’s claims highlights the persistent risks of misinformation and the complexities of managing cybersecurity breaches.
For now, customers and industry observers await further updates, hoping for clarity and additional details to bring closure to the matter.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
