Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Avast forums hacked - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Avast forums hacked

    A quick note from reader James has alerted us that the anti-virus vendor avast has taken their support forum offline because it was breached this past weekend.  His notice arrived over email and is pasted below.  I could not find a formal notice on avast.com to corroborate, however the forums site is still unreachable at the time of this writing.  There are no further details on the how the forum was breached.  

     I appreciate the realistic perspective communicated that 'we hash the passwords, but that does not make it fully secure'.  If anyone happens to have any additional details they can share please post a comment.

 

Dear DigiAngel,

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.

This issue only affects our community-support forum. No payment, license, or financial systems or other data were compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.

All the best,

Ondrej Vlcek
COO AVAST Software


 

 

Kevin Shortt

81 Posts
ISC Handler
A formal announcement is here: https://blog.avast.com/2014/05/26/avast-forum-offline-due-to-attack/

JimC
Anonymous

Posts

Sign Up for Free or Log In to start participating in the conversation!