Avast Community Forum Hacked
Yes, Avast community forum was hacked, and no, your payment information was not compromised. A few days after the notorious hack, the forum is still down and we don't expect it to be up and running until the Avast team finishes the forum migration procedure to a different software. So, what do we know by now?
As horrific as it sounds, the hack might not be that bad, affecting only 0.2% of forum users, and that would make about 400.000 user nicknames, passwords and email addresses. The company has notified the users whose data they believe might have been compromised.
Since the community forum was using third-party software, no financial information got compromised, which is also somewhat comforting. There is one thing, however, that may make some of the most reckless users a bit nervous - passwords.
The data obtained by hackers was hashed (do not confuse with encryption), so a hopelessly useless password like "myAvastpassword" would look like a set of gibberish. Nevertheless, the hackers will be able to crack the public algorithm and obtain the actual passwords and emails. This means you must take immediate action to change passwords for those websites that you used the same pass as for the Avast forum.
It would also be wise to change the email password, and start using secure password generators and password management software to store your passwords securely. We covered a secure password tutorial, so check it out for more safety guidelines.
As for Avast, the company doesn't publicly voice how the hackers gained access, but rumor goes the forum software wasn't dully updated for the last two years, even though the software developer company released at least two patches since 2012, which seems to be the last time forum software was updated. Again, that is only a rumor and there is no confirmation from the company on any of these speculations.
The competitors rejoice, obviously, but no security company is hack-proof, as ironically as it seems. I guess we will never know the truth, but I wouldn't be surprised if the hack originated from a rival rather than an actual group of malicious hackers. And taking into account the recent trend in the NSA and the UK surveillance agencies to hire talented hackers, we are looking at the world where law and crime work together for the ultimate good there is - Profit.