Czech anti-virus vendor Avast has been forced to take its user forum offline after it was hacked over the weekend, despite claiming payment systems were not compromised.
Vice Steckler, CEO of Avast, the Prague-headquartered firm, revealed the news in a blog post on Monday, saying that the Avast forum would remain out of action “for a brief period”.
“It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised,” he added.
“Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately.”
Steckler said passwords will be reset for all users once the forum comes back online.
He claimed that less than 0.2% of the firm’s 200 million users were affected – which still amounts to a not insubstantial 400,000 – and that “no payment, license, or financial systems or other data” was compromised.
The community support forum in question is hosted on a third party software platform and the cause of the breach is not yet known, according to Avast. However, Steckler promised the firm was moving it to another platform in a bid to make the forum faster and more secure for users.
He added that the firm thinks it caught the attack immediately, so the window of exposure should be fairly small.
“We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you,” said Steckler. “However, this is an isolated third-party system and your sensitive data remains secure.”
The news comes just days after eBay asked its users to change their passwords due to a major data breach at the internet giant.
Unlike Avast, the online trading platform was heavily criticized for acting too slowly and failing to fully explain the risks facing its users.