Avast forums forced offline by weekend hack attack, 400,000 users affected

Vince Steckler, CEO of security company Avast Software, has announced in a blog post that the details of 400,000 Avast forum users were compromised in a malicious attack against the company over the past weekend. Although it is unclear exactly how the attack occurred, Steckler says that it targeted the underlying third-party software powering the forums.

Writing on the Avast blog, he explained that 0.2% of the 200 million Avast users are affected and reassured users that no payment or licensing details were taken, as the issue solely affects the forum. The site has been taken offline and will reportedly remain so "for a brief period" whilst the attack is analyzed and affected users are notified and told to change their passwords. Usernames, nicknames, email addresses and passwords were all taken. Steckler warns that "it could be possible for a sophisticated thief to derive many of the passwords" despite them being stored in a hashed, encrypted form.

Avast says that the attack was detected 'essentially immediately', but how the attacker gained access to where the user databases are stored is unknown. The company is abandoning the compromised third-party forum software and is moving to a different software platform, which will apparently be 'faster and more secure'. The hack comes just days after databases containing user details were stolen from eBay in a sophisticated attack that has affected thousands of users, although that incident is almost certainly unrelated to the breach at Avast.

Avast is known for its sophisticated anti-virus and anti-malware software packages for both individuals and businesses, and the programs usually perform well in tests against malicious software. Hopefully this attack against the company won't result in distrust by consumers regarding its products as, of course, there was no way of stopping what occurred over the weekend. If you are affected by the security breach, Avast will be contacting you shortly to inform you in more detail what information has been taken. All users of the Avast community support forum will have to change their passwords the next time that they log in once the system is put back online.

Source & Image: Avast


20 Comments


We're still in the cavemen phase of software engineering.

It's well past time software companies and individuals who want to sell stuff be held responsible for the increasingly bigger piles of crap they churn out, even as much as be "voluntarily required" to pass standards, audits and certifications, like physical products have to go through FCC, IEC, UL, TUV etc. The more, the better, too.

And if something then goes wrong, pay damages or be clapped in irons. After all, if a physical product asplodes and burns your house down, sueballs are a given. If software does that - oh, it's supposed to do that and, by the way, here's the "as is" disclaimer.

Not only will it reduce and further deter many of the clueless coders from ever going near keyboards again in a real friggin' hurry, but it will ensure more jobs for the industry and perhaps form some actually good practices among the dogpile of idiocy currently prevalent in the "everybody can be a coder" world.

As a matter of fact I am. I especially target my ramble towards such third party solutions, even though it relates to every software being sold or otherwise publicly provided.
Now, it probably was some free software where no guarantees can reasonably be expected, but even free software could pass such audits for a price (although I doubt one would want to throw it at people for free then - they might start learning the value of somebody's hard work at last), but if not - trust it as you trust it now.

Oh and all software products shall also have limited warranty. In EU - 2 years minimum, in which adequate remedy or step-up shall be provided, if found defective.

If this had been a practice from the beginning or at least the 90s, we'd have much much less billionaire software companies that give less attention to quality than effs that Exxon gives about fish people, I tell you that.

Thank you for your very keen, albeit more than empty and absolutely worthless observation that does not add to the topic at hand nor contributes to general public at all. Hope it made *you* feel better.

I used to have Avast before but stopped using it a couple of years ago when their messed up virus database update flagged many user files as viruses and quarantined them without confirmation. I now use Comodo free antivirus and firewall and never had any issue with it. Unlike Avast, you don't have to register it and it works very well.

Auditor said,
I used to have Avast before but stopped using it a couple of years ago when their messed up virus database update flagged many user files as viruses and quarantined them without confirmation. I now use Comodo free antivirus and firewall and never had any issue with it. Unlike Avast, you don't have to register it and it works very well.

Yes, they flagged HTML files. Which isn't great but doesn't bring the system to its knees like AVG has done.

warwagon said,

Yes, they flagged HTML files. Which isn't great but doesn't bring the system to its knees like AVG has done.

I don't remember the HTML one but I think there was some flagging of Docx files.

Well, as the article states, the AV software itself is unaffected as this was an attack on the forums. To put it simply, if Neowin was attacked, how would it affect your AV software? ;)

Draconian Guppy said,
Well, as the article states, the AV software itself is unaffected as this was an attack on the forums. To put it simply, if Neowin was attacked, how would it affect your AV software? ;)

If they can't protect "their" site, how can they protect other people's PCs?
"Charity begins at home" ... you know.

I don't think so, because it's not really their fault.

article,
the underlying third-party software powering the forums.