Even trusted security companies are immune to the sophisticated hackers who are out there trying to steal your information these days.

Two well-respected security providers AVAST and Nord VPN were both hacked.  Here’s what happened.

AVAST, which offers both free and paid third-party security for computers and mobile devices, discovered a breach on September 23.  The company noticed suspicious activity on its network and brought in the national security agency for Czechoslovakia (where the company is based) to investigate.


A hacker used a forgotten user account to get successfully breach the network seven times since May of 2019. It looks like the hacker was targeting the company’s CCleaner product.  In response, AVAST halted a planned release of CCleaner and offered updates to all previously installed versions. If you have CCleaner installed, make sure you have installed the latest updates.


NordVPN, which provides virtual private networks to help secure your Internet access, allowed a security key to expire, which made it vulnerable to attack.

The company says the first intrusion to their servers happened back in March of 2018 but they weren’t notified of the breach until April of 2019, at which point they deleted the affected server. The company says no user credentials were affected and that the affected server didn’t contain any user activity. Two other VPN providers were also affected.

The lesson here is that everyone, even security companies, has to follow good security practices. And even if you have third-party security in place, no one is 100% protected. So always be vigilant and monitor all of your accounts for unusual activities.