Did AVG leave your personal data exposed?

It turns out that even the companies whose job it is to keep us safe can't seem to do it. What hope is there?

Ian Sherr
Ian Sherr Editor at Large / News

Ian Sherr (he/him/his) grew up in the San Francisco Bay Area, so he's always had a connection to the tech world. Currently, he writes about Apple, Microsoft, VR, video games, and internet troubles. Aside from writing, he tinkers with tech at home, is a longtime fencer -- the kind with swords -- and began woodworking during the pandemic.

2 min read
Enlarge Image

It's getting harder to keep that computer secure.

Sharon Vaknin/CNET

Ever had a day where you just wanted to shout, "You had one job"?

The latest company to earn the rebuke is Netherlands-based antivirus software maker AVG, whose "Web tuneup" add-on for the Google Chrome browser promised to protect you from surfing to unsafe sites on the Internet. It turns out the software also exposed your browsing history and other personal data to any would-be hacker who knew how to grab it.

The problem has been fixed, but it's unclear how many of the 9 million people who use the software might have had their information stolen.

AVG confirmed the flaw and said it created a quick fix. "As soon as we were highlighted to it, our first and foremost priority was to get a fix to market," said Tony Anscombe, who helps manage security at AVG. He added that AVG's core antivirus software wasn't affected and that the company is reviewing its processes to ensure its software is safe.

The episode underscores the frustration many people feel about computer security. You think you're doing all the right stuff, keeping all your software up to date and installing antivirus protection. AVG, a computer security company, offers this software promising to help keep you safe while surfing the Web. You should be able to trust them, right?

It's not the first time this sort of thing has happened. Other security companies, such as antivirus maker Kaspersky, have been hacked in the past year.

Hacking attacks are getting expensive, too. Verizon Enterprise Solutions estimated that 700 million compromised records from companies around the world led to losses of $400 million last year. That's based on surveys of 70 companies, so the actual figure is likely much higher.

For its part, AVG appears to have fixed the issue within a couple of days of it being written about by a Google security researcher, sending the software update just before Christmas. With any luck, that helped AVG avoid getting coal in its stocking.