Hi, Strange that the whole article is giving the expression that this is a current security issue but tells in the bottom line: "Gamal has reported the vulnerability to the Avira Security Team on August 21th, the team admitted the flaw and fixed the CSRF bug on their website, but the Secure online backup service “is still vulnerable to hackers until Avira will not offer a offline password layer for decrypting files locally.”" This means: No risk since that issue was reported and fixed on the same day, Avira Secure Backup use the same login. Store of encrypted files within a cloud storage and decrypt of the files locally is possible with other free tools.