
May 26th, 2014

AVAST forum offline due to attack

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.
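The warning above that "hashed" passwords can still be derived comes down to how the hashes were built. The added Python example below (not code from Avast or from the forum software; the account names and passwords are constructed for illustration) contrasts a fast, unsalted digest, where two users with the same password end up with the same stored value and one precomputed table covers every account, with a salted, iterated PBKDF2 record. It also models the response described in the post: every existing hash is invalidated and stops working until the user sets a new password.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real forum data). Two users share a password.
SAMPLE_USERS = {
    "alice": "correct horse",
    "bob": "correct horse",
    "carol": "hunter2",
}


def fast_unsalted_hash(password: str) -> str:
    """Legacy scheme: one fast, unsalted digest per password.

    Identical passwords give identical digests, so a single precomputed
    table (or one recovered digest) exposes every account using that password.
    """
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_record(password: str, iterations: int = 200_000) -> dict:
    """Hardened scheme: random per-user salt plus PBKDF2-HMAC-SHA256.

    The salt defeats precomputed tables and the iteration count makes each
    guess cost roughly `iterations` hash calls instead of one.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex(), "active": True}


def verify(record: dict, candidate: str) -> bool:
    """Check a login attempt against a stored record using a constant-time compare."""
    if not record["active"]:
        return False  # credential invalidated after the breach; user must reset
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


def invalidate_all(records: dict) -> None:
    """Post-breach response: every existing hash stops working until a new password is set."""
    for record in records.values():
        record["active"] = False


def reset_password(records: dict, user: str, new_password: str, iterations: int = 200_000) -> None:
    """Replace the compromised record with a fresh salted one and reactivate the account."""
    records[user] = make_record(new_password, iterations)


def shared_digest_users(digests: dict) -> int:
    """Count users whose stored digest collides with another user's."""
    seen = {}
    for user, digest in digests.items():
        seen.setdefault(digest, []).append(user)
    return sum(len(users) for users in seen.values() if len(users) > 1)


def build_legacy_table(users: dict = SAMPLE_USERS) -> dict:
    """Username -> unsalted SHA-1 digest, the pattern that makes bulk recovery cheap."""
    return {u: fast_unsalted_hash(p) for u, p in users.items()}


def build_salted_table(users: dict = SAMPLE_USERS, iterations: int = 200_000) -> dict:
    """Username -> salted PBKDF2 record; equal passwords no longer produce equal digests."""
    return {u: make_record(p, iterations) for u, p in users.items()}


if __name__ == "__main__":
    legacy = build_legacy_table()
    print("legacy users sharing a digest:", shared_digest_users(legacy))  # 2 (alice and bob)
    salted = build_salted_table(iterations=50_000)
    print("salted users sharing a digest:",
          shared_digest_users({u: r["digest"] for u, r in salted.items()}))  # 0
    invalidate_all(salted)
    print("alice can log in with old password:", verify(salted["alice"], "correct horse"))  # False
    reset_password(salted, "alice", "new unique passphrase", iterations=50_000)
    print("alice can log in with new password:", verify(salted["alice"], "new unique passphrase"))  # True
```

The iteration count is a tunable work factor; the default here is an assumption for illustration, and a real deployment would pick it from current guidance for the hardware in use and store it alongside the record so it can be raised later.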

This issue only affects our community-support forum. Less than 0.2% of our 200 million users were affected. No payment, license, or financial systems or other data was compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.

Sincerely,

Vince Steckler

CEO AVAST Software

  1. May 26th, 2014 at 21:52 | #1

    Thank you for posting an update. This gives us the opportunity to make changes on other forums if the same password was used elsewhere.
    Which, by the way, is never a good idea since one breach leads to several vulnerabilities for the individual.
    I look forward to a more secure forum on which to help those Avast users that may have a problem with avast! or their computer. :)

  2. comets19
    May 27th, 2014 at 02:03 | #2

    Google Cache reports you were using a highly outdated version of the third party software. Why was it not updated to prevent this!?

  3. May 27th, 2014 at 08:14 | #3

    @comets19
    Hello,
    The copyright message with the year is a static string in the translation file, if that is what you are referring to.

  4. darth.mikey
    May 27th, 2014 at 10:35 | #4

    So who do I contact to get my forum profile deleted?

  5. comets19
    May 27th, 2014 at 12:21 | #5

    @chocholo
    No, it is absolutely not static. It is updated with every update in a new year, even when being patched from the admin panel…! There is no way this can be blamed on the forum software avast were running, if they were using the latest version as they should, unless they made bad modifications to it OR skipped patches to certain files: potentially neglecting to patch holes there. (Which would explain the copyright not changing, for example… Files not updated. That’s no way to update.)

    There are only two options here:
    1.) Avast did not update the software, while they should have (99% likely)
    2.) One of the admins on the forum recycled passwords on many other sites, of which one perhaps was hacked. (And that can be any site, using any software.) From there, further escalation was obtained.

    But from what I can see here, the evidence suggests Avast’s negligence caused this problem. :(

  6. May 27th, 2014 at 13:18 | #6

    Thanks for keeping everyone in the loop on this issue.

  7. Moscau
    May 27th, 2014 at 14:49 | #7

    I am eagerly awaiting the restoration of the official forum, since I am a member of the Russian branch of the forum. All the best!!!

  8. CoffeeCake
    May 27th, 2014 at 20:31 | #8

    Just to check. Is an Avast support forum account something you have to create separately from the account you set up with avast (the one to register the free version of the software)?

    So if I’ve set up an Avast account to register Avast free, that information would NOT have been copied to the support forum account DB to set up an account there?

  9. Pseudonym
    May 27th, 2014 at 21:25 | #9

    They had not updated the forum software.
    They had run SMF 2.0.3 – released in 2012.
    But currently version 2.0.7 is released.

  10. drake127
    May 27th, 2014 at 21:29 | #10

    @CoffeeCake
    Yes, the (hacked) forum was completely separated from any other avast! account and if you used different passwords (or never registered at forum.avast.com), you are safe.

  11. drake127
    May 27th, 2014 at 21:39 | #11

    @Pseudonym
    I am sorry but you cannot judge from the copyright alone. I was told the forum used SMF 2.0.6 and I have no reason to doubt it.

    The forum was installed with some old version and manually updated using the upgrade instructions (you can find them at the maintainer site). I can see how the copyright message would not be enough to find and modify the file. The instructions specifically say so: “This operation isn’t vital to the installation of this mod.”

    I am not trying to defend avast! or blame the other, I am just trying to say that the matter might not be as simple. Hopefully, we’ll know in some time.

  12. May 27th, 2014 at 21:58 | #12

    Guys, please don’t jump to conclusions so easily.

    The forum was running SMF version 2.0.6 at the time the attack occurred. There was an RCE vulnerability in this version through which the attacker got in. The vulnerability was fixed in v2.0.7, although the fact wasn’t properly marked in the SMF changelog and/or new version announcement.

    We are now in touch with SMF authors and investigating further.

    Thanks for your support so far — we hope to have the forum up’n’running again soon!

    Thanks
    vlk

  13. May 28th, 2014 at 04:51 | #13

    Hope this gets fixed. We talk a lot about all this. This blog also mentions the issue here: http://tecnologiageek.com/hackean-foros-avast-roban-200000-cuentas/

  14. Leobaby
    May 28th, 2014 at 10:20 | #14

    Pardon me, but a software security company such as yours still can’t find out how the forum was compromised? If you do find out the truth, could you tell us the details so we can trust you again?

  15. superted
    May 28th, 2014 at 18:32 | #15

    @vlk

    “please don’t jump to conclusions”

    If I’m not mistaken you did just that. Your comments/accusations are completely unfounded and untrue! SMF never released any security update between 2.0.6 and 2.0.7, and for a company like avast to start throwing accusations around without knowing the exact cause is ridiculous!

  16. Moscau
    May 29th, 2014 at 00:33 | #16

    Most likely the forum was hacked by someone who was deeply disappointed with your Avast! Internet Security program or with Avast! Free starting from version 8. Too many bells and whistles have been added there. We need protection, not updating of other programs. There are very many negative reviews, complaints and requests for help. I personally stayed on Avast! Internet Security 7.0.1466, since it is stable, functional and very convenient to configure. All the others are very unpredictable: for some they work, for some they are buggy, for some something does not work properly, and for some they do not install at all. Go to the Russian branch of the official forum and read the complaints and requests for help. Then perhaps you will understand the reason your forum was hacked. These days you can expect anything from people, both good and bad!!! All the best to everyone!!!

  17. MikeBCda
    June 10th, 2014 at 22:53 | #17

    Any word yet on roughly when we can expect the forum to be back up and running (probably with new IP and maybe URL)? The “brief period” referred to by Mr. Steckler has now been something like a month, including the week or so after the outage before he posted a copy of his above notice to the forum’s home-page URL. Many of us are now “flying blind”, so to speak … among other things, the Updates topic beat the heck out of any equivalent site or utility available. Many thanks, and best.

  18. cavehomme
    June 15th, 2014 at 20:44 | #18

    Are you guys serious security professionals? I think that you are, but several weeks without the forum is now raising some very serious questions about Avast’s own internal security procedures. Incorrectly blaming another vendor for your problems is not only bad form, it reflects very badly upon the company.

    Avast has a great track record, but in the past one year it has noticeably worsened in product quality and detection rates – we are not talking about the same here, but to my eyes it appears there is a systematic problem(s) at Avast and connected with the new owners / new ways of working.

    I wish you good fortune in resolving these issues and getting back on track, as well as improving detection levels and product quality.

  19. cavehomme
    June 15th, 2014 at 20:45 | #19

    I think that you guys are serious security professionals, but several weeks without the forum is now raising some very serious questions about Avast’s own internal security procedures. Incorrectly blaming another vendor for your problems is not only bad form, it reflects very badly upon the company.

    Avast has a great track record, but in the past one year it has noticeably worsened in product quality and detection rates – we are not talking about the same here, but to my eyes it appears there is a systematic problem(s) at Avast and connected with the new owners / new ways of working.

    I wish you good fortune in resolving these issues and getting back on track, as well as improving detection levels and product quality.

  20. cavehomme
    June 15th, 2014 at 20:48 | #20

    @cavehomme

    Please remove this post, placed here in error.
