Kaspersky's US Website Hacked Thanks To SQL Flaw

In what seems to be an embarrassing incident, hackers claim to have exposed a crucial flaw in the website of the renowned security provider Kaspersky that could have resulted in customers’ crucial information being compromised.

A group of hackers asserted that they managed to gain access to the US website of Kaspersky, potentially exposing various data, including customers’ personal details, activation codes, and user accounts.

The hackers posted details of the SQL injection vulnerability on the HackersBlog, including a comprehensive list of the tables that they accessed.

Kaspersky admitted within 24 hours of the hackers’ claims that it had experienced a security issue, and said in a brief statement, “On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site”.

The company went on to say that the website was vulnerable for a short period, that it took prompt action as soon as the issue came to its notice, and that the vulnerability was removed within half an hour of its detection.

It further stated that the vulnerability wasn’t a critical one, and that no information on the website was compromised.

However, Kaspersky’s claims have been questioned by the admin Tocsixu, the hacker who discovered the flaw days before and decided to go public after getting no positive response from the security company.


Our Comments

A security company being hacked is the worst thing that could happen to a high-profile firm like Kaspersky Labs, which should have known better. It will be crucial for the company to make sure that it comes out unscathed from any PR obstacles that it may find on its way. It should not come as a surprise if Kaspersky's competitors use this incident to prop up their own product lines.
