Kaspersky website hacked

 

Gallery

By Barry Collins

Posted on 9 Feb 2009 at 08:32

Hackers claim to have exposed a flaw in the website of security company Kaspersky that could have led to customers' data being compromised.

The hackers claimed they managed to gain access to the database on Kaspersky's US website, potentially providing them with details such as user accounts, activation codes and customers' personal details.

The hackers posted details of the SQL injection flaw on the HackersBlog, which shows a long list of tables that the hackers claim they were able to access.

Kaspersky was unavailable for comment this morning, but the company told The Register: "On Saturday, 7 February 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site."

"The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site."

One of the hackers told The Register that he warned Kaspersky of the flaw in its website several times before going public. He claims that no personal data was stolen.