Kaspersky responds

We confirm that the vulnerability existed in the new version of usa.kaspersky.com/support. We analyzed the log files and found requests with SQL injection. There were several attackers with IP addresses from Romanian ISPs. The requests were initially made with an automated tool - the screenshots showed that the hackers used a free edition of an Acunetix tool.

As I suspected (obvious from at least one screenshot on the hacker’s blog), the Romanian hackers used the free Acunetix tool to find the vulnerabilities (I thought the free version was limited in scope, but apparently not).

Here is something a little more interesting:

After conducting the attack, the attackers decided to show off their ‘great code of ethics’ by sending Kaspersky an email - on a Saturday to several public email boxes. They gave us exactly 1 hour to respond, and posted on their blog without having received a response.

Incidentally, it has also been written that Bitdefender was hacked. Actually, it was their Portuguese reseller, a company called Uptrends Software, that was responsible for that site.