Avast CEO Vincent Steckler stated today in a blog post that users' nicknames, user names, email addresses and hashed passwords were compromised in an attack on the Avast Forum that took place over this past weekend. Steckler also noted in the same post that, although the passwords were hashed, it could be possible for a sophisticated thief or programmer to derive them.
Avast claims that the attack appears to have affected less than 0.2% of a total of 200 million users of the forum. It also claimed that no financial details such as payment or license terms, or other data, were compromised.
The Forum (forum.avast.com) has since been taken offline and is being rebuilt and moved to a more secure platform. Avast has already informed all the affected parties via email, asking them to change their passwords immediately. Users may also want to change their other passwords, such as those for Facebook, Gmail and other email accounts, banking etc., if they are the same as the one used for the Avast forum account.
Once the forum is back online, affected users will be asked to reset their password when they try to log in with the old password.
The company said the Forum was hosted on a third-party software platform. This third-party software may have been the weak link in the forum's defences, and it is most probably what the attackers took advantage of. It is not clear how a big AV and security firm could rely on third-party software for such an important website without ample security considerations.