Feeds

PayPal privates exposed after breach on SECURITY shop

Aghast Avast: It was a reseller, not us

5 things you didn’t know about cloud backup

Antivirus firm Avast has said that it was not responsible for a breach on a website of a German reseller selling its security products that resulted in the apparent leak of the payment details of thousands of consumers over the weekend.

Turkish hacker Maxn3y defaced avadas.de on Saturday (archive here) before dumping what the hacker claimed were customer details online.

The purportedly leaked information included incomplete configuration files for the shop.avadas.de domain, what appeared to be authentic admin login details with encrypted passwords, and (most seriously), what security experts believe is the PayPal payment information for an estimated 20,000 consumers.

According to Cyberwarnews.info, which analysed the data dump, the hackers also grabbed the email addresses, user names, encrypted passwords as well as certain bank and payment details of the customers.

Procello, the German distributor that ran the site, admitted its customer database had been breached and that some of its customers info had been compromised but said it was unclear how many Avast customers were among those affected.

It played down the possibility of that the breach might result in fraud by saying that passwords were encrypted and it stored only the minimum information on its website, according to a German language statement on the front page of its website. It said the attackers had been trying to penetrate its systems for weeks before the breach, and that it had taken temporarily taken its systems offline as a precautionary measure.

Avast, the Czech security firm best known for its freebie antivirus scanner, said in a statement that the breach involved an unofficial website (run by a local reseller), that has since been suspended.

We are aware that a site appearing to be an official site, AVADAS.DE  (linked from AVAST.DE),  was hacked and compromised. However, this is not an official site and does not belong to Avast Software. Instead, it has been owned and operated for many years by Procello, a German reseller. We have demanded, and we have been refused, the return of the AVAST.DE domain name many times over the past years. We expect with this latest incident that the site will shortly be disabled and will never again be used by Procello.

Since yesterday [Monday], the reseller has shut down the AVAST.DE domain [including] its subdomains and is only using his own website.

More on the fallout from the breach can be found in an English language report by Softonic in its OnSoftware blog here. Several German language reports on the breach from the likes of Heise and others can be found here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.