Skip to main content

Hackers penetrate Avast's forums, compromise accounts

Virus on PC
Hackers compromised a security company. Irony.

Update: Simple Machines Forum told TechRadar Pro that it "Looks like it [the forum] was running an unpatched installation".

Popular security outfit Avast sent an apologetic email this morning to users of its forum saying that the latter had been compromised.

The company took down the forum and is rebuilding it; until now it used a third-party forum called Simple Machines Forum (SMF).

We contacted SMF and are awaiting to hear from them; a cached version of the forum is still available on Google.

Avast's COO, Ondrej Vleck, confirmed that it was hacked over the past weekend and "user nicknames, user names, email addresses and hashed (one-way encrypted) passwords" were compromised.

The dangers of using third parties

The hackers only made off with data from the forum; no payment, license, or financial systems or other data - from Avast's main website - were part of the bounty.

Avast has more than two hundred million installations worldwide both on mobile and desktop devices and its free avast! free antivirus package has been one of the most downloaded security software in 2013.

It was named as one of TechRadar's best free antivirus software of the year.

The compromised community-managed forum had more than one million posts and about 356,000 members.

Vlcek strongly advised forum users who have used the same password and user names on other sites to change those passwords immediately.