Avast Germany Website Hacked & Defaced, 20,000 User Accounts Leaked

http://www.security-faqs.com/avast-de-hacked-and-defaced-20000-user-accounts-leaked.html

It seems there was a breach and 20k account details were leaked.
If you have an account there it’s now compromised and time to change password(s).

Rule of thumb, never use the same password on your mailbox anywhere else.
The website has your email address, and if you use the same password, a breach at that site would allow attackers to enter your mailbox.
And worse, then they can send ‘password reset’ emails from any other site you might have an account on.

Is it just me or are these hacks getting more frequent? It almost feels like you don’t even have to think of a secure password anymore since the site is still going to get hacked at some point… :-\ Though I do use different passwords for each service, though it builds off the same password, so I have a base password and then I build from that on each site/service so if one of my passwords gets hacked then I hope they don’t figure out how I build passwords from the base password. 88)
It’s hard remembering different 20 character passwords; slight variations of that 20 character password are easy to remember, but I guess it’s not really that secure. ;D

Very frequent indeed. That’s true. Your personal information online is not safe anymore…

I didn’t realize they were ever safe. ???

So this Turkish hacker maxney thinks that an antivirus company has something to do with the ongoing genocide of Palestinian and East Turkistanian people?? Or is it because he cannot hack the real people behind it… very strange…

I

This is a major breach…

The data available in those files includes a large amount of sensitive information including the following -

email addresses
usernames
plain text and encrypted passwords
dates of birth
phone numbers
PayPal details

I very much doubt that the hacker thought Avast had something to do with it, but if he hacks Avast then it gets publicity and so does his cause.

My thoughts exactly.

It does not belong to avast! but a reseller.

It’s the same thing that happened to Comodo, people don’t see the difference.

Their details should be safe with the company or the reseller or whoever else has these details.
Unfortunately there are still lots and lots of web builders that ‘charge’ extra to make their applications ‘safe’ which is complete b.s. but that’s how it seems to work…
Lots of turning around in that world needed to force them to deliver code that has gone through some kind of secure development life-cycle.

That is actually worrying. Makes me wonder why parliaments have not picked up on this. It will provide politicians with “good exposure”.

The story continues, the retrieved accounts have now been phished.

http://blog.initiative-s.de/2013/03/phishing-attacke-gegen-deutsche-avast-nutzer-nach-hackerangriff/
(German)

The phishing mail surely comes across as trustworthy, as it is written in solid German as far as I can tell. However, with the suggested procedures and download URL, alarm bells should go off.

Yes, correct, but how many mailings do you get with strange/crypted URLs in them so you can ‘read this online’?!
I’m wondering when they start abusing such services.

So wait, this affects the Avast forums or Avast my account? ???

Only if you had an account with this reseller’s site avast.de or related sites from this reseller.
AFAIK avast forums and official site are not involved in this attack, probably tried to attack those, but got to this reseller’s site first.

I use easy passwords, but never use the same email for various things; centralization of several services into a single email is already a serious error. Prefer to use a pseudonym instead of your real name.