Hackers hit third security firm

 

Gallery

By Stuart Turton

Posted on 13 Feb 2009 at 09:31

F-Secure has confirmed that it's been hit by the same hackers that went after Kaspersky last week.

The hacking group, believed to be Romanian, appears bent on embarrassing the world's leading antivirus companies, and has now added F-Secure's scalp to those of Kaspersky and BitDefender.

F-Secure is "vulnerable to SQL Injection plus Cross Site Scripting," says an entry on the HackersBlog site. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity."

As with Kaspersky, F-Secure owned up to the attack, with a spokesperson admitting it was "slightly embarrassing for a security company to be breached this way."

However, F-Secure stressed no personal information had been exposed and the affected server has been pulled down while the exploit is patched.

"Although the attackers were able to read information from the database they couldn't write or manipulate it," the company says on its blog.

"And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world."