SECURITY FIRM Avast has taken down its forums after a breach that compromised hundreds of thousands of users' credentials.
The anti-malware software firm's CEO Vince Steckler said in a blog post that Avast has no idea how the breach occurred, but reassured users that only 0.2 percent, or 400,000, of the 200 million forum members were affected, and no payment, license, or financial systems or other data was compromised.
"The Avast forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised," Steckler explained, adding that even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords.
"If you use the same password and user names to log into any other sites, please change those passwords immediately," he added. "Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work."
Avast is keeping its online forums offline while it is rebuilt and moved to a different software platform. When the forums return, Avast has promised that they will be faster and much more secure.
"This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately," Steckler said.
Last Thursday, auction website eBay admitted that had a similar breach sometime between February and March, and urged urged its users to change their passwords, admitting to attacks on one of its databases. µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted