This weekend, avadas.de, a German distributor of avast! suffered a hacking attack that has leaked details of over 16,000 customers. German site botfrie.de reports that email addresses, user-names, passwords (plain text and encrypted), dates of birth, phone numbers and PayPal account information have been exposed.
The distributor site is owned by Procello, who have admitted being attacked. They say some customer details were stolen, but cannot confirm if they were avast! customers. Their official statement claims that all passwords are encrypted and that any sensitive data is only kept on their own servers. Furthermore, Procello say they store only the minimum data necessary.
We approached avast! for comment, and Marketing director Milos Korenko reiterated that the German site was not an official avast! site. He also says that they have been trying to get control of the domain 'avast.de' (which now redirects to avadas.de) for many years.
This issue of the avast.de domain in Germany is interesting - consumers do have to be careful that they are visiting the site they want. The practice of auto-redirecting from one domain to another similar one is ethically suspect. The avadas.de site may be a distributor, but to most consumers it would look acceptable, or official, and it appears to have the blessing of avast! as a reseller.
If you have an account with avadas.de, you should change your passwords, and check your PayPal account has not been compromised.
This story highlights possible risks of using resellers who may not have the same security standards of bigger companies.
avast! say their customer data is their key priority and they regularly subject their systems to 'penetration tests' to ensure they are safe.