MOVEit Data Breach and Avast Customers

[bob3160]

Hi Everyone, We’re reaching out to help address some of the questions here. First, we can confirm that the email you received was valid and not a phishing scam. As part of the MOVEit incident, some customer information, such as name, email address and phone number, was impacted. Our systems are secure and operational, and the cause of this was addressed immediately when the MOVEit incident was discovered. While this information is not considered high risk, we take the safety of our customers extremely seriously. Being vigilant against any potential phishing threats using this information is the best way to protect yourself. As an additional means to support those impacted, we are offering dark web monitoring free of charge for six months. For more information about the Progress Software MOVEit vulnerability, you can see here. And should you have questions related to your personal account, you can always reach out to our support team.

Thank you for responding. I have reached out to the Avast support team twice and had no response. I have asked what specific information of mine has been leaked, and nobody has gotten back to me.

I understand that being vigilant against phishing scams is the best way to protect ourselves going forward, but regarding the information which has already been released (name, phone number, and email address), what is Avast doing to get our information back? Do we need to accept that our names, email addresses, and phone numbers will simply remain on the dark web?

There is no getting back information harvested by hackers in a breach.
That's why you received this notification so that you can take precautions and know this information is now on the dark web.
When there is a vulnerability in a software or system, etc your information which was allowed to be harvested by this vulnerability is now available and you need to know this. The email simply informed you of the facts.
It isn't and wasn't a sales pitch but a notification.

It would have been much nicer if Avast had made a general notification on this forum so that
all of us would have had this information and been aware of the fact that Avast used this
vulnerable software. Please note, that Avast was not aware of the vulnerability
or it would not have used it. See the link for more information on the breach.
https://www.experian.com/blogs/ask-experian/moveit-data-breach/

[jj44]

Hi Everyone, We’re reaching out to help address some of the questions here. First, we can confirm that the email you received was valid and not a phishing scam. As part of the MOVEit incident, some customer information, such as name, email address and phone number, was impacted. Our systems are secure and operational, and the cause of this was addressed immediately when the MOVEit incident was discovered. While this information is not considered high risk, we take the safety of our customers extremely seriously. Being vigilant against any potential phishing threats using this information is the best way to protect yourself. As an additional means to support those impacted, we are offering dark web monitoring free of charge for six months. For more information about the Progress Software MOVEit vulnerability, you can see here. And should you have questions related to your personal account, you can always reach out to our support team.

Thank you for responding. I have reached out to the Avast support team twice and had no response. I have asked what specific information of mine has been leaked, and nobody has gotten back to me.

I understand that being vigilant against phishing scams is the best way to protect ourselves going forward, but regarding the information which has already been released (name, phone number, and email address), what is Avast doing to get our information back? Do we need to accept that our names, email addresses, and phone numbers will simply remain on the dark web?

There is no getting back information harvested by hackers in a breach.
That's why you received this notification so that you can take precautions and know this information is now on the dark web.
When there is a vulnerability in a software or system, etc your information which was allowed to be harvested by this vulnerability is now available and you need to know this. The email simply informed you of the facts.
It isn't and wasn't a sales pitch but a notification.

Thanks for informing me of that, re: the inability to get data back. I'm a layman so I don't know these things, which is why I've been trying to ask questions and get some answers. I would still like to know what information of mine, specifically, has been compromised. So hopefully the Avast support team will respond and tell me, if they can. If they can't, I'd like to understand why that's impossible to know.

I get what you're saying, that this isn't a sales pitch. But what about people who can't afford an additional piece of software? Once the 6 month free trial is finished, will those people have to just accept that their data is on the dark web and they can do nothing about it? I mean, will the compromised data magically disappear after 6 months?

Avast is responsible for our data, and they ultimately bear responsibility for that data being compromised. That's why the solution of asking people to pay for an additional service feels off, to me personally... and to a few other folks, evidently. If the personal information that we disclosed to Avast will be indefinitely exposed on the dark web, Avast's solution needs to be indefinite too.

I'm also really curious whether Avast users, who are also BreachGuard users, were informed that their data had been compromised. If the software works, they should've been aware long before the email was sent out. If not, that makes me doubt the appropriateness of BreachGuard as a solution to this problem.

[bob3160]

@jj44,
I suggest you look at the link I posted that gives you more detail about this breach.
I personally use the free version of Avast and have since 2003.
Breaches aren't something a company can control unless they willfully continue to use a product that's
vulnerable which isn't the case here.
You'll also note from the information that there were many companies affected by this vulnerability.
BreachGuard only makes you aware of breaches. It doesn't and can't prevent them.

[jj44]

@jj44,
I suggest you look at the link I posted that gives you more detail about this breach.
I personally use the free version of Avast and have since 2003.
Breaches aren't something a company can control unless they willfully continue to use a product that's
vulnerable which isn't the case here.
You'll also note from the information that there were many companies affected by this vulnerability.
BreachGuard only makes you aware of breaches. It doesn't and can't prevent them.

BreachGuard isn't just advertised as being able to make you aware of breaches. It also says, "take back your personal info" and "resolve identity theft issues" on the software advertisement page. Surely that's why an email was sent promoting the software; so that Avast customers can take back our personal info and resolve any identity theft issues which arise as a result of Avast's compromised data on us. But if fallout continues after the 6 month timeframe, and personal data is sold on to multiple parties after the free trial has run out, Avast is requiring affected users to pay money to fix privacy issues that are ultimately Avast's responsibility. Avast should be working to secure and reclaim its users data. Customers shouldn't have to pay for that.

[Adz]

I also recieved that warning email.
I already have breachguard as part of my package, it's mostly prompting you to be aware, and dark web monitoring, which I think you can get free a handful of ways.
Much more worrying to me is ANY weakness of Avast protection, the dangers of that cannot be over estimated. I know Avast got bought out not so long ago & I have been dreading the services efficiency going down, the previous owners always seemed well motivated to be the best & have watertight protection.

If you received the email too, does that mean BreachGuard was ineffective in doing its job and keeping your data secure? That really makes me doubt that BreachGuard is a good solution, as proposed in Avast's email. Doesn't sound like it guards against breaches at all...

I'm genuinely curious: Has BreachGuard at all alerted you to the compromising of your data via the MOVEit vulnerability? Were you aware of this before you received the email? Surely users should've been, if the software does what it says on the tin...

If you look into what Breachguard actually is, you would probably be surprised, I was. It is not like an active protection that stops, quarentines, deletes or even alerts you. It is literally an advisory tool, giving you short cuts to advise you to turn off public posting on facebook for example. It wouldn't actually stop any mal intent, it just makes it easier for you to protect yourself. Help you pull out of advertisers tracking. All functions you could do yourself, even the dark web monitoring is something I get offered from many different sources nowadays.
So, I was very unimpressed with Breachguard, I would not pay for it if it wasn't free with my package.
As I said originally, MUCH more worrying to me is that this becomes a trend of the strength of Avast protection.
I do also agree that this is probably more of a marketing email than anything else.

[Adz]

To directly reply to your question, no Breachguard did not warn me of MOVEit. I only know of the issue because of the email we all recieved.

[bob3160]

@jj44,
I suggest you look at the link I posted that gives you more detail about this breach.
I personally use the free version of Avast and have since 2003.
Breaches aren't something a company can control unless they willfully continue to use a product that's
vulnerable which isn't the case here.
You'll also note from the information that there were many companies affected by this vulnerability.
BreachGuard only makes you aware of breaches. It doesn't and can't prevent them.

Avast should be working to secure and reclaim its users data. Customers shouldn't have to pay for that.

Wishful thinking but not possible in the real world.
Here's some additional info on this breach:
List of victimized companies of MOVEit Cyber Attack
https://www.cybersecurity-insiders.com/list-of-victimized-companies-of-moveit-cyber-attack/

https://www.channelfutures.com/security/gen-digital-employee-info-stolen-in-moveit-transfer-cyberattack#:~:text=Gen%20Digital%2C%20the%20parent%20company,recent%20MOVEit%20Transfer%20ransomware%20attack.

[jj44]

I also recieved that warning email.
I already have breachguard as part of my package, it's mostly prompting you to be aware, and dark web monitoring, which I think you can get free a handful of ways.
Much more worrying to me is ANY weakness of Avast protection, the dangers of that cannot be over estimated. I know Avast got bought out not so long ago & I have been dreading the services efficiency going down, the previous owners always seemed well motivated to be the best & have watertight protection.

If you received the email too, does that mean BreachGuard was ineffective in doing its job and keeping your data secure? That really makes me doubt that BreachGuard is a good solution, as proposed in Avast's email. Doesn't sound like it guards against breaches at all...

I'm genuinely curious: Has BreachGuard at all alerted you to the compromising of your data via the MOVEit vulnerability? Were you aware of this before you received the email? Surely users should've been, if the software does what it says on the tin...

If you look into what Breachguard actually is, you would probably be surprised, I was. It is not like an active protection that stops, quarentines, deletes or even alerts you. It is literally an advisory tool, giving you short cuts to advise you to turn off public posting on facebook for example. It wouldn't actually stop any mal intent, it just makes it easier for you to protect yourself. Help you pull out of advertisers tracking. All functions you could do yourself, even the dark web monitoring is something I get offered from many different sources nowadays.
So, I was very unimpressed with Breachguard, I would not pay for it if it wasn't free with my package.
As I said originally, MUCH more worrying to me is that this becomes a trend of the strength of Avast protection.
I do also agree that this is probably more of a marketing email than anything else.

Cheers for sharing your experience as someone who has access to BreachGuard, I really appreciate it. You weren't alerted to the breach or guarded against it (by software called BreachGuard...) and an email was required to alert you, at which point the advice Avast offered was for you to sign up for software that you already have... That's a pretty damning indictment of both BreachGuard and Avast more generally. I thought the offer of a BreachGuard free trial was insufficient due to the time frame of six months, but it sounds like it's just insufficient overall. I definitely understand your worries about the overall strength of Avast protection.

I've now received a follow-up email from Avast. Most of the email is spent pushing the offer of a BreachGuard free trial. Which, regardless of the software's actual abilities, I still find a bit... cheap. If Avast really believes its software will greatly benefit people who are vulnerable to phishing scams and easy online mistakes, do they think such people will only need that assistance for six months? Or that our compromised information will disappear after six months?

Our information being leaked is, ultimately, Avast's responsibility, because the take on that authority and risk when they request/receive our information. But they're ceding responsibility after six months. After that time, we should have to pay to deal with the fallout. I dunno. Feels icky.

[jj44]

To directly reply to your question, no Breachguard did not warn me of MOVEit. I only know of the issue because of the email we all recieved.

Yikes. The Avast BreachGuard product page (www.avast.com/en-au/breachguard) says it will "Monitor for data breaches 24/7" and "Scan the dark web for info breaches" and "Take back your personal info". What I'm learning from you and bob3160 is that I have really been misled here!

I mean, the page literally says BreachGuard will "automatically scan the dark web for personal information that may have been part of a data leak or data breach," allowing users to "stay on top of new data breaches and immediately take the right steps to protect your personal information and avoid identity theft."

Seems an email was required to make you aware at all... Not very immediate, aye!

[NON]

Hi Everyone, We’re reaching out to help address some of the questions here. First, we can confirm that the email you received was valid and not a phishing scam. As part of the MOVEit incident, some customer information, such as name, email address and phone number, was impacted. Our systems are secure and operational, and the cause of this was addressed immediately when the MOVEit incident was discovered. While this information is not considered high risk, we take the safety of our customers extremely seriously. The best way to protect yourself is being vigilant against any potential phishing threats using this. Should you have questions related to your personal account, you can always reach out to our support team. You can also find more information about the Progress Software MOVEit vulnerability here.

Hi Ognjen3, thanks for the response.

Just for clarification, are these data (customer information) leaked from Avast/Gen itself, or from other companies having deals with Avast?
Why asking this is, Avast/Gen formerly stated that leaked information from them is employee's only and no customer information was leaked.

[Andrzej48]

Hi Everyone, We’re reaching out to help address some of the questions here. First, we can confirm that the email you received was valid and not a phishing scam. As part of the MOVEit incident, some customer information, such as name, email address and phone number, was impacted. Our systems are secure and operational, and the cause of this was addressed immediately when the MOVEit incident was discovered. While this information is not considered high risk, we take the safety of our customers extremely seriously. The best way to protect yourself is being vigilant against any potential phishing threats using this. Should you have questions related to your personal account, you can always reach out to our support team. You can also find more information about the Progress Software MOVEit vulnerability here.

Norton Dark Web Monitoring (check email account):
“We found your breached info:
•   1 TIMES
•   The most recent is within {0} months
•   8 Oct 2023
•   Country, Website Domain, Email, User ID, Password”
PASSWORD? ? ? ? I'm asking you for an explanation!

[jj44]

Hi Everyone, We’re reaching out to help address some of the questions here. First, we can confirm that the email you received was valid and not a phishing scam. As part of the MOVEit incident, some customer information, such as name, email address and phone number, was impacted. Our systems are secure and operational, and the cause of this was addressed immediately when the MOVEit incident was discovered. While this information is not considered high risk, we take the safety of our customers extremely seriously. The best way to protect yourself is being vigilant against any potential phishing threats using this. Should you have questions related to your personal account, you can always reach out to our support team. You can also find more information about the Progress Software MOVEit vulnerability here.

Norton Dark Web Monitoring (check email account):
“We found your breached info:
•   1 TIMES
•   The most recent is within {0} months
•   8 Oct 2023
•   Country, Website Domain, Email, User ID, Password”
PASSWORD? ? ? ? I'm asking you for an explanation!

Hey, Avast... It would be really good if you could engage here, and either confirm that this breach has not resulted in your customers' passwords being leaked, or confirm that some people's passwords have been leaked through Avast. Cheers.

[Ognjen3]

Hi Everyone, We’re reaching out to help address some of the questions here. First, we can confirm that the email you received was valid and not a phishing scam. As part of the MOVEit incident, some customer information, such as name, email address and phone number, was impacted. Our systems are secure and operational, and the cause of this was addressed immediately when the MOVEit incident was discovered. While this information is not considered high risk, we take the safety of our customers extremely seriously. The best way to protect yourself is being vigilant against any potential phishing threats using this. Should you have questions related to your personal account, you can always reach out to our support team. You can also find more information about the Progress Software MOVEit vulnerability here.

Norton Dark Web Monitoring (check email account):
“We found your breached info:
•   1 TIMES
•   The most recent is within {0} months
•   8 Oct 2023
•   Country, Website Domain, Email, User ID, Password”
PASSWORD? ? ? ? I'm asking you for an explanation!

Hello Andrzej48,

This looks like it may be a dark web monitoring alert, but it doesn’t say what incident the breached information is associated with. It does not appear to be related to Avast, because passwords were not part of the stolen data.