CEO Vince Steckler of security company Avast Software has announced in a blog post that details of 400,000 Avast forum users have been compromised in a malicious attack against the company over the past weekend. Although it is unclear exactly how the attack occurred, Steckler says that the raid was lodged against the underlying third-party software powering the forums.
Writing on the Avast blog, he explained that 0.2% of the 200 million Avast users are affected and reassured that no payment or licensing details were taken as the issue solely affects the forum. The site has been taken offline and will reportedly remain so "for a brief period" whilst the attack is analyzed and affected users are notified and told to change their passwords. Usernames, nick-names, email addresses and passwords were all taken. Steckler warns that "it could be possible for a sophisticated thief to derive many of the passwords" despite them being stored in a hashed, encrypted form.
Avast say that the attack was detected "essentially immediately" but how the attacker gained access to where the user databases are stored is unknown. The company is abandoning the third-party forum provider that has been compromised and is moving to a different software platform which will apparently be "faster and more secure". The hack comes just days after databases containing user details were stolen from eBay in a sophisticated attack that has affected thousands of users although this incident is almost certainly unrelated to the breach at Avast.
Avast is known for their sophisticated anti-virus and anti-malware software packages for both individuals and businesses and the programs usually perform well in tests against malicious software. Hopefully this attack against the company wont result in distrust by consumers regarding their products as, of course, there was no way of stopping what occurred over the weekend. If you are an affected user of the security breach then Avast will be contacting you shortly to inform you what information has been taken in more detail. All users of the Avast community support forum will have to change their passwords the next time that they login once the system is put back online.
Source & Image: Avast