Avast has suffered a serious security breach that has led to compromise of details of over 350,000 forum users.
The company sent an apologetic email to forum users informing them about the breach and has taken down the forum powered by Simple Machines Forum for rebuilding purpose. The compromised community-managed forum had over one million posts and around 356,000 members.
Avast Software CEO Vince Steckler revealed in a blog post that the forum was hacked over the weekend, confirming around 0.2 percent of the firm’s 200 million users’ details were compromised during the attack.
Avast clarified that no financial information was stolen during the attack, but “user nicknames, user names, email addresses and hashed (one-way encrypted) passwords” were compromised.
“If you use the same password and user names to log into any other sites, please change those passwords immediately,” Steckler said. “Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.”
It’s still unclear how the breach occurred. Steckler said that the hackers leveraged a vulnerability in the software from Simple Machines Forum, used to host the forum.
“This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately,” Steckler said.
Avast’s online forums will be currently offline while it is rebuilt and moved to a different software platform. The company promises that the forums will be faster and much more secure on returning.