Avast announced today on it’s blog that the avast forum was hacked. The forum suffered a serious security breach and 0.2% of it’s 200 millions customer accounts were affected. Near 400 000 avast accounts were affected by this cyber attack. In this way the user nicknames, user names, email addresses and hashed passwords were compromised.
Avast CEO, Vince Steckler, mentioned on Avast blog that the forum was hosted on a third party software platform and that they are rebuilding it right now on another software platform, a software platform that will be more faster and secure.
The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.
Vince Steckler, CEO AVAST Software
The forum was running SMF version 2.0.6 at the time the attack occured. There was a RCE vulnerability in this version through which the attacker got in. The vulnerability was fixed in v2.0.7 although the fact wasn’t properly marked in the SMF changelog and/or new version announcement.
We are now in touch with SMF authors and investigating further.
Thanks for your support so far — we hope to have the forum up’n’running again soon!
vlk is a team member of Avast, and this is his comment from the Avast Blog Post regarding this hack.
You can read more regarding this website penetration on the official Avast Blog.