Avast, an anti-virus company based in Prague, took its community forum offline following a major data breach which occurred.
Information stolen includes nicknames, usernames, email addresses, and encrypted passwords. According to Avast CEO Vince Steckler, less than 400,000 of the 200 million users would have been affected.
In a blog recently posted, the CEO claims that they understand that it is a serious problem to have this personal information stolen, and then he proceeds to apologize. However, they claim that no payment information was compromised which should help put some users at ease.
As of now, the company has not figured out how the forum was breached. Leaked passwords were hashed which means that hackers obtained passwords and cryptographic representations of those passwords which had already been run through a complex algorithm.
Though the algorithm used to hash passwords was not revealed, the company warns that "it could be possible for a sophisticated thief to derive many of the passwords." They are also concerned that his could lead to vulnerabilities in hacking credentials and other pertinent information.
As long as hackers have access to original passwords and decoding tools found in powerful graphic processors, other passwords and information could technically be stolen. however, the more complicated and lengthy a password is, the harder it is to crack.
Users are cautioned to change passwords immediately and hopefully the new passwords will be more complicated, such as with the mixing of numbers and letters or capitals and lowercase letters, and this could make hacking less plausible.
In the future, Avast plans to rebuild the forum using a new software platform which will be more secure. They will continue to investigate how the breach occurred as well.