Avast Closes Forum As Security Company Hacked

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Avast says customers will need to change their passwords following forum attack

Anti-virus provider Avast has admitted to a breach of its forum website, which has exposed certain user data.

User nicknames, usernames, email addresses and hashed passwords were compromised in the attack. Avast has not yet determined how the hacker got access to the site’s database.

VincentStecklerAvasttopAvast breached

Where users have the same password for the Avast forum as other sites, they’ve been advised to change those credentials. Once the forum is back online, users will be asked to change their password.

“Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords,” said Vince Steckler, CEO of Avast (pictured).

“This issue only affects our community-support forum. Less than 0.2 percent of our 200 million users were affected. No payment, license, or financial systems or other data was compromised.

“We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure… we do believe that the attack just occurred and we detected it essentially immediately.”

As in the eBay breach of last week, only the password was protected with a hash, whilst other data was not encrypted. The auction giant faced criticism not just for its slow response in getting warning emails out to customers, but for not wrapping protection around other user data, such as addresses.

Avast has been targeted before. In October 2013, pro-Palestinian hackers tried to breach its website security, but their efforts were blocked.

What do you know about Internet security? Find out with our quiz!