Kaspersky confirms "embarrassing" website attack

 

Gallery

By Stuart Turton

Posted on 10 Feb 2009 at 09:13

Kaspersky has admitted the recent website hack was an embarrassment for the company and "should not have happened."

Those were the words of Roel Schouwenberg, a Kaspersky senior antivirus researcher who admitted that suffering such a breach was a severe dent to the company's credibilty.

"This is not good for any company, especially for a company dealing with security," he said in a conference call. "This should not have happened."

Hackers went public earlier in the week with the details of a SQL injection attack which they claimed allowed them to access a customer database of email addresses and software activation codes.

However, Schouwenberg reaffirmed that, "no real data has been accessed, and no data was revealed," though he admitted that a hacker with real intent could have accessed far more sensitive information.

"Something went wrong with our internal code-reviewing process," said Schouwenberg. "Obviously, we are not happy about that."

The engineer says Kaspersky is now evaluating that process to make "it stricter than it was". "We need to do a much better job to prevent this from happening again."