The week has only just begun, and news of another major security snafu has come in, this time affecting a security outfit – namely, Avast.
It's always a bit embarrassing when a security company is the victim of a breach, but of course its networks are fallible just like everyone else's (though security should obviously be much tighter than average, you would hope!).
In this case, the Avast forum was hacked and then taken down, according to a message on the Avast blog yesterday – and it's still down currently (or at least it was when we tried to access it while writing this story).
The hack apparently occurred at the weekend, and user names, emails, and hashed passwords were stolen – Avast estimates that at the most, 0.2 per cent of users, or 400,000 folks, were affected. Note that this is just those who use the Avast community forums – the company clarified that no financial or licensing data concerning its products or otherwise was involved.
When the forum comes back up, a forced password reset will be in place to make sure everyone changes their password (something eBay was roundly criticised for not doing last week when the major breach of the auction site's database came to light). If you've used your Avast forum password elsewhere on the web, you'd be wise to change it there, too, as hackers could compromise these accounts after they've (potentially) brute-forced your password.
Vince Steckler, Avast CEO, commented: "We realise that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure."
It's not known how the attack was carried out, but Avast claimed it detected the intrusion "essentially immediately" and downed the forum – which is now being rebuilt on a different software platform. Being a security firm, Avast needs to be seen making a very forceful response to this incident.
The question of whether the firm kept the third-party forum software bang up to date with the latest security patches – an issue raised by responders to the blog post – hasn't been addressed by Avast yet. But obviously enough, they had better have done, or that will up the embarrassment factor exponentially...