Hack of security vendor Avast's forums hits 400,000 users

Summary:Security vendor Avast joins the long list of tech companies whose forums have been compromised.

password-security620x465

Security vendor Avast took its community forum offline on Monday after hackers raided its user database.

In an attack on the Czech Republic-headquartered company's forums over the weekend, hackers accessed nicknames, user names, email addresses, and hashed passwords, Avast CEO Vince Steckler said on the company's blog.

The breach affected less than 0.2 percent — or roughly 400,000 — of Avast's 200 million users, Steckler said, noting that the reason for its limited scope was that it only affected users of its community-support forum, which is run on an "isolated third-party system". Accordingly, the most important customer data it holds — including payment, licence, and financial data — was not impacted.

"We realise that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you," Steckler said.

While the passwords were stored as hashed values, Steckler advised that it was still possible for a sophisticated attacker to derive the plain text passwords, which could pose a risk to affected users that re-used the password from that forum on other sites.

"If you use the same password and user names to log into any other sites, please change those passwords immediately," he warned.

Steckler didn't say whether the passwords were given the additional protection applied by salting hashed passwords, or what algorithm it used.

The CEO said he didn't understand exactly how the breach occurred, but appears to place responsibility for the incident on the platform.

"We are now rebuilding the forum and moving it to a different software platform," he said. "When it returns, it will be faster and more secure.

"This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately."

Support and community forums have been a popular target for hackers in recent years. Last year Canonical revealed that 1.9 million users of Ubuntu forums were affected by a breach.

Around the same time Ubisoft disclosed  that its forums were hacked. Meanwhile, hackers have targeted Apple's and Nvidia's developer community sites. 

Read more on security

Topics: Security

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.