Avast Takes Down User Forum After Breach

May 27, 2014

Security firm Avast has shut down its online user forum after it was breached by attackers over the weekend.

Avast CEO Vince Steckler publicly acknowledged the breach—in which usernames, email addresses and encrypted passwords were stolen—in a blog post on May 26. No financial systems or payment information for Avast users were impacted by the breach, however, he added.

“This issue only affects our community-support forum,” Steckler wrote. “Less than 0.2 percent of our 200 million users were affected.”

Avast has now taken its user forum completely offline, though Steckler advises users to change their passwords if they use the same password on multiple sites.

“We are now rebuilding the forum and moving it to a different software platform,” Steckler wrote. “This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known.”

Security vulnerabilities in online forum software are not a new phenomenon. Back in 2009, the popular open-source phpBB.com forum was hacked. And the vBulletin online forum software has been repeatedly targeted over the years by attackers.

An Avast spokesperson told eWEEK that the company’s forum was running the open-source Simple Machines Forum (SMF) version 2.0.6.

“The latest version is SMF 2.0.7 but according to the SMF change log (and the announcements on the SMF web site) there were no security-related updates included in this version,” Avast stated. “The vulnerability was not known to us. It is not clear whether the attack was conducted via a 0-day vulnerability or a hole that was silently fixed in v2.0.7 but never announced.”

In terms of how Avast was able to detect the attack, the company noted that its forum went down as a result of the attack, which occurred on the morning of Saturday, May 24.

“We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you,” Steckler wrote. “However, this is an isolated third-party system and your sensitive data remains secure.”

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
