Security

Avast acknowledges collecting user data; shuts down Jumpshot

The anti-virus giant Avast has announced shutting down one of its subsidiaries called Jumpshot after the company was found stealing user data and selling it for big bucks.

On January 28th, 2020 based on the investigation by PCMag and Vice, HackRead reported that Avast was secretly stealing browsing data from millions of its customers and selling it to third-parties. Some of its active buyers included Google, Pepsi, IBM, Yelp, Microsoft, TripAdvisor, and Unilever, etc.

See: Study shows prominent apps are selling your data to 3rd parties

Avast’s data collection worked or still works in such a way that the software collects all of your browsing data which is then accessed by Jumpshot. The latter in return takes it and uses it as a part of what makes up its product offerings.



An example of it is Avast’s “All Clicks Feed” which lets companies access your behavior on the internet and any clicks you make on any particular range of domains. Reportedly, Avast sold user data to one of its New York-based customer for a hefty sum of $2,075,000. 

How Jumpshot functioned – Image credit: Motherboard

However, in a blog post published on 30th January Avast CEO Ondrej Vlcek apologized to their customers and announced shutting down Jumpshot. 

“Protecting people is Avast’s top priority and must be embedded in everything we do in our business and in our products. Anything to the contrary is unacceptable.  For these reasons, I – together with our board of directors – have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect,” wrote Vlcek in his blog post.

Vlcek also maintained that Jumpshot did not break GDPR rules and committed themselves to 100% GDPR compliance. 

“Jumpshot has operated as an independent company from the very beginning, with its own management and board of directors, building their products and services via the data feed coming from the Avast antivirus products,” Vlcek added.

See: Owner of DDoS mitigation firm launched DDoS attacks on others

“During all those years, both Avast and Jumpshot acted fully within legal bounds – and we very much welcomed the introduction of GDPR in the European Union in May 2018, as it was a rigorous legal framework addressing how companies should treat customer data. Both Avast and Jumpshot committed themselves to 100% GDPR compliance. “


This is not the first time when Avast made headlines for stealing customer data. In December last year, Google banned Avast security extensions including AVG security over data snooping. 

Nevertheless, the damage for Avast is done and it may be too late to apologize or shutting down Jumpshot. As a customer, the main purpose of using anti-virus software is to protect our data from online crooks, malicious hackers and cybercriminals and Avast has turned out to be all three. 

You Might Also Like