According to softpedia Vince Steckler, CEO AVAST Software, confirmed the attack today and announced that the company decided to take the forum offline in order to continue work on resetting all user passwords in order to keep everyone protected.
Users will be asked to set new passwords when they log back in, Steckler explained, and everyone is recommended to change their passwords in case they’re using it on some other websites as well.
“If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work,” he said.
AVAST claims that only the forum was compromised and no other details have been accessed, which means that financial details or any payment information is completely safe.
“This issue only affects our community-support forum. Less than 0.2% of our 200 million users were affected. No payment, license, or financial systems or other data was compromised,” Steckler continued.
As far as the stolen passwords are concerned, the security vendor explained that all of them were hashed, but an experienced thief could still decrypt them and thus gain access to user accounts. That’s why everyone will have to set a new password when the forums are back online.
At the same time, AVAST says that it doesn’t have any details right now as to how the attackers managed to break into the forums, but added that the new version, which will be soon online, will be based on a new platform that provides enhanced stability and security.
“We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately,” the company explained.
This is basically the second very important security breach of the month, after online retailer eBay asked users to change all their passwords as soon as possible due to a similar hack.
AVAST’s forum is still offline at the time of writing this article, but it’s expected to be brought back online in the next 24 hours.