A scandal is erupting around the Israeli cybersecurity company Check Point—a hacker using the alias CoreInjection claimed to have accessed confidential information and is offering it for five bitcoins, which at the time of publication is approximately $420,000. Check Point insists that this incident is old and did not affect clients’ infrastructure, but darknet postings and expert comments cast doubt on that claim.

The attacker alleges that he possesses internal network maps, architectural diagrams, passwords (including hashes and plaintext values), employee contact details, technical documentation, and even the source code of programs. The data set also includes binary files and client information, such as contract details valid until 2031.
The alleged leak was first reported on LinkedIn by Hudson Rock co-founder Alon Gal. He asserts that there is a high probability that an administrator-level account was compromised. In support of his claim, screenshots from the Check Point Infinity control panel were provided, showing API keys with “Admin” rights, account editing functions, two-factor authentication reset options, and client details.
In response, Check Point described the incident as “known, old, and isolated,” emphasizing that it did not affect production environments or the architecture of clients’ security systems. According to the company, the leak affected only three clients and was investigated back in December 2024, during which only the credentials of a portal account with limited access rights were compromised.
However, Gal questioned the company’s statement, pointing out discrepancies between the description of the incident and the content of the published screenshots. He was particularly alarmed by the data showing 121,120 accounts and nearly 19,000 paying clients with details of their services and contract durations.
Moreover, Gal asked why there was no public report or filing with the U.S. Securities and Exchange Commission (SEC) regarding such an incident, considering that Check Point is a public company. He stressed that transparency in such cases is critically important, especially when it involves a potential leak of client data.
Later, Check Point released an extended statement confirming that the incident did occur in December and involved a limited number of accounts. However, the company also emphasized that the hacker’s post exaggerates the scale of the incident and misleads people, adding that the portal system has internal protection mechanisms to mitigate the consequences of such breaches.
The method of the hack and the technical details of the breach remain unexplained. While company representatives referred to “credentials with limited rights,” they did not explain how those could have led to administrator-level access.
Doubts about the official version are further reinforced by visual evidence—the hacker’s screenshots clearly display privileged rights, API keys with full access, and data that could hardly have been obtained through a “limited” account. These contradictions and the lack of comprehensive reporting have increased distrust in the company’s public stance.
While Check Point maintains that there is no security threat, the cybersecurity community continues to debate whether this is merely a “recycling of old data” or a signal of a deeper vulnerability yet to be uncovered.
