The forum of the well-known Internet security software company Avast has gone offline because of a cyber attack.
Details about how the hack took place are scarce, but it’s been announced on the Avast blog that user nicknames, usernames, email addresses and passwords were compromised. Avast states that compromised passwords were hashed (Brian Krebs claims Avast used sha1 with salt), but that an experienced hacker could decode them.
The attack only affected the Community Support Forum and “less than 0.2% of [Avast’s] 200 million users were affected”. 0.2% might seem low at first but when you do the maths, 400,000 leaked records is quite significant.
Like the eBay breach, no financial information was compromised but it’s advised that if you use the same email address and password combination on other sites then you should change them.