Avast takes community forum offline after data breachMay 27, 2014 – 5:08 AM
Prague-based antivirus company Avast said Monday it took its community forum offline after a data breach, but payment information was not compromised.
Usernames and nicknames, email addresses and encrypted passwords were obtained in an attack over the weekend, wrote Avast CEO Vince Steckler on a company blog. The attack affected less than 400,000 of Avast’s 200 million users.
“We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you,” Steckler wrote.
How the forum was breached remains unknown, Steckler wrote. The leaked passwords were hashed, which means that hackers obtained cryptographic representations of passwords that have been run through an algorithm. For example, the password “Rover” run through the SHA-1 algorithm is “ac54ed2d6c6c938bb66c63c5d0282e9332eed72c.”
Steckler didn’t specify the algorithm Avast uses to hash passwords, but warned that “it could be possible for a sophisticated thief to derive many of the passwords.”
Converting those hashes into their original passwords is possible using decoding tools and powerful graphics processors. But the longer and more complicated the password — such as one with a mix of capital letters, numbers and symbols — the harder it is to crack.