AVAST forum offline due to attack

From email:

Dear xxx,

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.

This issue only affects our community-support forum. No payment, license, or financial systems or other data were compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.

All the best,

Ondrej Vlcek
COO AVAST Software
 
Pretty sad. But I switched to Bitdefender a couple of weeks ago!
 

My Computer

System One

  • OS
    Windows 8.1.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Dell 8100 XPS Studio
    CPU
    i7 Quad Core 2.93ghz
    Memory
    12GB
    Graphics Card(s)
    nVidia GTS240 1GB
    Monitor(s) Displays
    Dell 24" HD
    Screen Resolution
    1920x1080
    Keyboard
    Dell Wireless
    Mouse
    Dell Wireless
    Internet Speed
    6/1
    Browser
    Firefox
    Antivirus
    Bitdefender Total Security 2015
Ugh, that's why I could not get to Avast forum yesterday. I wanted to check about a feature but could not get there.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home made
    CPU
    AMD Ryzen7 2700x
    Motherboard
    Asus Prime x470 Pro
    Memory
    16GB Kingston 3600
    Graphics Card(s)
    Asus strix 570 OC 4gb
    Hard Drives
    Samsung 960 evo 250GB
    Silicon Power V70 240GB SSD
    WD 1 TB Blue
    WD 2 TB Blue
    Bunch of backup HDDs.
    PSU
    Sharkoon, Silent Storm 660W
    Case
    Raidmax
    Cooling
    CCM Nepton 140xl
    Internet Speed
    40/2 Mbps
    Browser
    Firefox
    Antivirus
    WD
What a recommendation that is.
 

My Computer

System One

  • OS
    Windows 8.1 Pro x64
    Computer type
    Tablet
    System Manufacturer/Model
    Surface Pro 3
    CPU
    i5
    Memory
    4GB DDR3
    Graphics Card(s)
    Intel Graphics HD
    Screen Resolution
    2160 x 1440
    Hard Drives
    128GB SSD, 128GB MicroSD
    Internet Speed
    8GB
    Antivirus
    Bitdefender
What a recommendation that is.
It was about "Grime Fighter" but found about it other way and decided I don't need it.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home made
    CPU
    AMD Ryzen7 2700x
    Motherboard
    Asus Prime x470 Pro
    Memory
    16GB Kingston 3600
    Graphics Card(s)
    Asus strix 570 OC 4gb
    Hard Drives
    Samsung 960 evo 250GB
    Silicon Power V70 240GB SSD
    WD 1 TB Blue
    WD 2 TB Blue
    Bunch of backup HDDs.
    PSU
    Sharkoon, Silent Storm 660W
    Case
    Raidmax
    Cooling
    CCM Nepton 140xl
    Internet Speed
    40/2 Mbps
    Browser
    Firefox
    Antivirus
    WD
They should look into running some kind of antivirus.
 

My Computer

System One

  • OS
    Windows 8.1 consumer 64 bit
    Computer type
    Laptop
    System Manufacturer/Model
    Acer Aspire M5 481PT-6644
    CPU
    Intel Core I5
    Memory
    6 GB
    Hard Drives
    Spinning/SSD hybrid 500GB/20GB
    Mouse
    ELAN Trackpad
    Internet Speed
    18mbs/5mbs
    Browser
    Chrome
    Antivirus
    Windows Defender

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home made
    CPU
    AMD Ryzen7 2700x
    Motherboard
    Asus Prime x470 Pro
    Memory
    16GB Kingston 3600
    Graphics Card(s)
    Asus strix 570 OC 4gb
    Hard Drives
    Samsung 960 evo 250GB
    Silicon Power V70 240GB SSD
    WD 1 TB Blue
    WD 2 TB Blue
    Bunch of backup HDDs.
    PSU
    Sharkoon, Silent Storm 660W
    Case
    Raidmax
    Cooling
    CCM Nepton 140xl
    Internet Speed
    40/2 Mbps
    Browser
    Firefox
    Antivirus
    WD
Seems it can happen to anyone - even if you are in the business of fighting them. Too bad!
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP Pavillion p6230f
    CPU
    HP AMD Phenom II X4 810
    Motherboard
    FOXCONN ALOE
    Memory
    8 GBytes
    Graphics Card(s)
    ATI/AMD Radeon HD 42
    Sound Card
    ATI/AMD SB600 - High
    Monitor(s) Displays
    Dell SE198WFP
    Screen Resolution
    1440 x 900
    Hard Drives
    Seagate ST3750528AS
    Browser
    IE 11
    Antivirus
    Windows Defender
Hackers should go to work helping to fight hacking.
They could make good money & not end up playing pick up the soap in a federal prison. :)
 

My Computer

System One

  • OS
    Windows 8.1.1 Pro with Media Center
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Gateway
    CPU
    AMD K140 Cores 2 Threads 2 Name AMD K140 Package Socket FT1 BGA Technology 40nm
    Motherboard
    Manufacturer Gateway Model SX2110G (P0)
    Memory
    Type DDR3 Size 8192 MBytes DRAM Frequency 532.3 MHz
    Graphics Card(s)
    ATI AMD Radeon HD 7310 Graphics
    Sound Card
    AMD High Definition Audio Device Realtek High Definition Audio USB Audio Device
    Monitor(s) Displays
    Name 1950W on AMD Radeon HD 7310 Graphics Current Resolution 1366x768 pixels Work Resolution 1366x76
    Screen Resolution
    Current Resolution 1366x768 pixels Work Resolution 1366x768 pixels
    Hard Drives
    AMD K140
    Cores 2
    Threads 2
    Name AMD K140
    Package Socket FT1 BGA
    Technology 40nm
    Specification AMD E1-1200 APU with Radeon HD Graphics
    Family F
    Extended Family 14
    Model 2
    Extended Model 2
    Stepping 0
    Revision ON-C0
    Instruction
    Browser
    Opera 24.0
    Antivirus
    Avast Internet Security
I wonder which third-party platform was compromised though?

I also wonder how much the competition (who are all well versed in hacking, let's face it) has anything to do with it :facetious:

"Competitive intelligence" levels out two scenarios of description as the legal and ethical activity of systematically gathering, analyzing and managing information on industrial competitors becomes beneficial. It may include activities such as examining newspaper articles, corporate publications, websites, patent filings, specialised databases, information at trade shows and the like to determine information on a corporation
 

My Computer

System One

  • OS
    PC-DOS v1.0
    Computer type
    PC/Desktop
    System Manufacturer/Model
    IBM
    CPU
    Intel 8088, 4.77MHz
    Memory
    16K, 640K max
    Graphics Card(s)
    What's that?
    Sound Card
    Not quite
    Screen Resolution
    80 X 24 text
    Hard Drives
    dual 160KB 5.25-inch disk drives
what amazes me is that a large antivirus company does not have enough protection on their forum to keep hackers out!
 

My Computer

System One

  • OS
    4 Windows 7 Pro Sp1- 4 Win 8 Pro, 1- xp pro sp3
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Dell Optiplex 390, 380, 3 Vostro Laptops (7 computers in all)
    CPU
    desktop/laptop
    Memory
    4gigs
    Graphics Card(s)
    atm randioum
    Hard Drives
    350,250
For the moment zero reports of hacks on any sites using the same forum software, maybe someone got hold of an admin password. It then takes a few minutes to dump the database then leave the place.
 

My Computer

System One

  • OS
    W8.1, W7
    Computer type
    Laptop
    System Manufacturer/Model
    HP \ Toshiba \ Lenovo \ Dell E7440
    Browser
    FF
Hackers should go to work helping to fight hacking.
They could make good money & not end up playing pick up the soap in a federal prison. :)
I'm willing to bet that (as a rule) professional cyber-criminals make a lot more money, than Indian (or even US) IT personnel.

A classic example of why the term "Cloud security" should be treated as an oxymoron.
"Cloud" providers are just one-stop-lolly-shops for cyber-criminals.
 

My Computer

System One

  • OS
    Windows 7 Ultimate SP1 (64 bit), Linux Mint 18.3 MATE (64 bit)
    Computer type
    PC/Desktop
    System Manufacturer/Model
    n/a
    CPU
    AMD Phenom II x6 1055T, 2.8 GHz
    Motherboard
    ASRock 880GMH-LE/USB3
    Memory
    8GB DDR3 1333 G-Skill Ares F3-1333C9D-8GAO (4GB x 2)
    Graphics Card(s)
    ATI Radeon HD6450
    Sound Card
    Realtek?
    Monitor(s) Displays
    Samsung S23B350
    Screen Resolution
    1920x1080
    Hard Drives
    Western Digital 1.5 TB (SATA), Western Digital 2 TB (SATA), Western Digital 3 TB (SATA)
    Case
    Tower
    Mouse
    Wired Optical
    Other Info
    Linux Mint 16 MATE (64 bit) replaced with Linux Mint 17 MATE (64 bit) - 2014-05-17
    Linux Mint 14 MATE (64 bit) replaced with Linux Mint 16 MATE (64 bit) - 2013-11-13
    Ubuntu 10.04 (64 bit) replaced with Linux Mint 14 MATE (64 bit) - 2013-01-14
    RAM & Graphics Card Upgraded - 2013-01-13
    Monitor Upgraded - 2012-04-20
    System Upgraded - 2011-05-21, 2010-07-14
    HDD Upgraded - 2010-08-11, 2011-08-24,
Back online, continuing on SMF platform, so the software must be fine, thus the hack definitely points towards a leaked\cracked admin password (the easiest and best way in!)
 

My Computer

System One

  • OS
    W8.1, W7
    Computer type
    Laptop
    System Manufacturer/Model
    HP \ Toshiba \ Lenovo \ Dell E7440
    Browser
    FF
Hackers should go to work helping to fight hacking.
They could make good money & not end up playing pick up the soap in a federal prison. :)

If I remember correctly Google Chrome offered literally ANYBODY who could hack their browser/show them holes in it a hefty dollar amount.

For the moment zero reports of hacks on any sites using the same forum software, maybe someone got hold of an admin password. It then takes a few minutes to dump the database then leave the place.

Most likely SMF is one of the better forum software out there from personal experience. It is also one of the few that still does constant updates ( * cough * vbulletin uses same old crap * cough * )

Back online, continuing on SMF platform, so the software must be fine, thus the hack definitely points towards a leaked\cracked admin password (the easiest and best way in!)

I actually like SMF, I used to host a couple of gaming forums and SMF was always one of my first choices I would consider. A hacked admin password does seem more likely though. Even then it seems disappointing as I know you can make it so only certain administrators have access to the databases that contained the hashed information they are referring to. So this implies more than just that as well.
 

My Computer

System One

  • OS
    windows 8.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    iBUYPOWER
    CPU
    AMD 8320
    Graphics Card(s)
    Radeon 7850
    Screen Resolution
    1024x768
    Case
    Azza Solaris
    Internet Speed
    50MBps download/10MBps upload
    Browser
    Chrome/Firefox/Internet Explorer
    Antivirus
    Malwarebytes PRO
Back
Top