Prague-based antivirus and security vendor Avast has been forced to take its community forum offline after suffering a data breach over the weekend.
The company’s CEO, Vince Steckler, today revealed usernames, email addresses and encrypted passwords were obtained in an attack he said affected less than 400,000 of Avast's 200 million users.
Steckler said payment information had not been accessed.
The company is yet to provide detail on how the forum was breached. Steckler said passwords had been hashed but admitted it was possible for a “sophisticated thief” to convert the passwords into their original format.
He advised users of the Avast community support forum, which was taken down soon after the attack, to change their passwords and usernames immediately, especially if the same passwords were used for other sites.
“Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work," he said in a blog post.
Avast will rebuild the forum platform and migrate it from its current third-party provider to a new software platform which will be “faster and more secure”, Steckler said.
“We realise that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you,” Steckler said.
“However, this is an isolated third-party system and your sensitive data remains secure.”