Company’s CEO Vincent Steckler today stated in a blog post that user’s nicknames, user names, email addresses and hashed passwords were compromised in an attack on Avast Forum which took place over this past weekend. Steckler also noted in the same blog, that although the passwords are hashed it could be possible for a sophisticated thief/programmer to derive these passwords. Avast claims that this attack seems to have affected less than 0.2% of a total of 200 million users of the forum. It also claimed that no financial details like payment, license terms or other data were compromised. The Forum (forum.avast.com) has since been taken offline and is being rebuilt and moved to a more secure platform. Avast has already informed all the affected parties via email asking them to immediately change their passwords. Users may also change their other passwords like Facebook, Gmail and other emails, banking, etc. if its the same as the Avast forum account Once the forum is back online, affected users will be asked to reset their password while trying to logging in with the old password. The company said the Forum was hosted on a third-party software platform. This third party software may have been the weak link in the defenses of the forum which was most probably the attackers took advantage of. It is not understood how a big AV and security firm could rely on third party software for such an important website without ample security considerations.
