Feeds

PayPal privates exposed after breach on SECURITY shop

Aghast Avast: It was a reseller, not us

Choosing a cloud hosting partner with confidence

Antivirus firm Avast has said that it was not responsible for a breach on a website of a German reseller selling its security products that resulted in the apparent leak of the payment details of thousands of consumers over the weekend.

Turkish hacker Maxn3y defaced avadas.de on Saturday (archive here) before dumping what the hacker claimed were customer details online.

The purportedly leaked information included incomplete configuration files for the shop.avadas.de domain, what appeared to be authentic admin login details with encrypted passwords, and (most seriously), what security experts believe is the PayPal payment information for an estimated 20,000 consumers.

According to Cyberwarnews.info, which analysed the data dump, the hackers also grabbed the email addresses, user names, encrypted passwords as well as certain bank and payment details of the customers.

Procello, the German distributor that ran the site, admitted its customer database had been breached and that some of its customers info had been compromised but said it was unclear how many Avast customers were among those affected.

It played down the possibility of that the breach might result in fraud by saying that passwords were encrypted and it stored only the minimum information on its website, according to a German language statement on the front page of its website. It said the attackers had been trying to penetrate its systems for weeks before the breach, and that it had taken temporarily taken its systems offline as a precautionary measure.

Avast, the Czech security firm best known for its freebie antivirus scanner, said in a statement that the breach involved an unofficial website (run by a local reseller), that has since been suspended.

We are aware that a site appearing to be an official site, AVADAS.DE  (linked from AVAST.DE),  was hacked and compromised. However, this is not an official site and does not belong to Avast Software. Instead, it has been owned and operated for many years by Procello, a German reseller. We have demanded, and we have been refused, the return of the AVAST.DE domain name many times over the past years. We expect with this latest incident that the site will shortly be disabled and will never again be used by Procello.

Since yesterday [Monday], the reseller has shut down the AVAST.DE domain [including] its subdomains and is only using his own website.

More on the fallout from the breach can be found in an English language report by Softonic in its OnSoftware blog here. Several German language reports on the breach from the likes of Heise and others can be found here. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?