Hackers penetrate Avast's forums, compromise accounts

A bit of bother

Update: Simple Machines Forum told TechRadar Pro that it "Looks like it [the forum] was running an unpatched installation".

Popular security outfit Avast sent an apologetic email this morning to users of its forum saying that the latter had been compromised.

The company took down the forum and is rebuilding it; until now it used a third-party forum called Simple Machines Forum (SMF).

We contacted SMF and are awaiting to hear from them; a cached version of the forum is still available on Google.

Avast's COO, Ondrej Vleck, confirmed that it was hacked over the past weekend and "user nicknames, user names, email addresses and hashed (one-way encrypted) passwords" were compromised.

The dangers of using third parties

The hackers only made off with data from the forum; no payment, license, or financial systems or other data - from Avast's main website - were part of the bounty.

Avast has more than two hundred million installations worldwide both on mobile and desktop devices and its free avast! free antivirus package has been one of the most downloaded security software in 2013.

It was named as one of TechRadar's best free antivirus software of the year.

The compromised community-managed forum had more than one million posts and about 356,000 members.

Vlcek strongly advised forum users who have used the same password and user names on other sites to change those passwords immediately.


Editor, TechRadar Pro

Désiré (Twitter, Google+) has been musing and writing about technology since 1997. Following an eight-year stint at ITProPortal.com where he discovered the joys of global techfests, developing an uncanny attraction for anything silicon, Désiré now heads up TechRadar Pro.