Avast! has taken down its community forum following a data breach

Anti-virus firm Avast! has ‘fessed up to a breach. The small upside is that the mess only impacts the company’s forums. As the company’s CEO Vincent Steckler has blogged “Less than 0.2% of our 200 million users were affected. No payment, license, or financial systems or other data was compromised.” Don’t click away to another story yet: user names, email addresses and hashed passwords were compromised, so Steckler says “If you use the same password and user names to log into any other sites, please change those passwords immediately.”

Prague-based antivirus company Avast said Monday it took its community forum offline after a data breach, but payment information was not compromised. Usernames and nicknames, email addresses and encrypted passwords were obtained in an attack over the weekend, wrote Avast CEO Vince Steckler on a company blog. The attack affected less than 400,000 of Avast’s 200 million users. “We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you,” Steckler wrote. How the forum was breached remains unknown, Steckler wrote. The leaked passwords were hashed, which means that hackers obtained cryptographic representations of passwords that have been run through an algorithm. For example, the password “Rover” run through the SHA-1 algorithm is “ac54ed2d6c6c938bb66c63c5d0282e9332eed72c.”