The community support forum for AVAST, a popular anti-virus software, is currently offline after being hacked over the weekend, compromising the user nicknames, usernames, email addresses and hashed passwords of around 40,000 individuals.
According to a blog post by AVAST CEO Vince Steckler, a sophisticated hacker could potentially decrypt hashed passwords. He recommends that those using the same password and username for other sites should change their passwords immediately. Once the forum is back online, all users will be required to set new passwords.
Steckler notes, “This issue only affects our community-support forum. Less than 0.2 percent of our 200 million users were affected. No payment, license, or financial systems or other data was compromised.”
As some have noted, a security software developer having its forum hacked is quite an embarrassment.
With recent account login credential compromises affecting eBay users as well as AOL customers and employees, many have good reason to demand greater security and accountability when it comes to information submitted to organizations.
But last year’s hack of Ubuntu’s Forums seems to share the most similarities with the AVAST forum incident – although Ubuntu’s incident was on a bigger scale, given that attackers gained information from more than 1.8 million of its user accounts. The information divulged from its vBulletin-powered forum included usernames, email addresses, and hashed passwords.
Canonical, the company behind Ubuntu, took measures to protect users and harden its system against possible compromises. Any company handling user data should do likewise – preferably before a compromise occurs.