Avast community forum hacked, user names and passwords stolen.

Avast community forum hacked, user names and passwords stolen          

    Antivirus firm Avast said it took its community forum offline following a hacking attack                                                                               compromised its database. 

       User names, email addresses,nick names and passwords were compromised in his attack.The breach did not involve any financial data, license or any other data. While the passwords are hashed(SMF forum software uses SHA-1 with a salt to store passwords) , it will not take much time for a hacker to crack the hashes. The longer the password, the harder it is to crack.

       According to Avast blog post, the security breach affects less than 0.2% (about 400,000) of Avast's 200 million users.People who uses the same password on other websites are advised to change those passwords immediately.  

      Until now, their forum used an open source community software called "Simple Machines Forum(SMF)".It appears the Avast is using an outdated version of SMF.Avast said it is now "We are now rebuilding the forum and moving it to a different software platform" which will be secure one.