In what seems to be an embarrassing incident, hackers purported to have exposed a crucial flaw in the website of the renowned security provider Kaspersky that could have resulted in customers’ crucial information being compromised.
A group of hackers asserted that they managed to gain access to the US website of Kaspersky that has potentially provided them with various details, including customers’ personal details, activation codes, and user accounts.
The hackers provided the details of the SQL injection vulnerability on the HackersBlog, which comprises of a comprehensive list of the tables that hackers have accessed.
Kaspersky admitted that it has an experienced security issue within 24 hours of the hackers’ claims, and notified in a brief statement, “On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site”.
The company went on to say that the website was vulnerable for a short period, and the company took prompt action as soon as it came into notice, and it was removed within half an hour of its detection.
It further notified that the vulnerability wasn’t a critical one, and no information on the website was compromised.
However, Kaspersky’s claims have been questioned by the admin Tocsixu, the hacker who discovered the flaw days before, and decided to go public after getting no positive response from the security company.
Go To Page 2 for our comments and more related links
A security company being hacked is the worst thing that could happen to a high profile firm like Kaspersky Labs who should have known better. It will be crucial for the entity to make sure that it comes out unscatched from any PR obstacles that it may find on its way. It should not come as a surprise if Kaspersky's competitors use this incident to prop up their own product lines.
(The Tech Herald)