Kaspersky denies leaks after SQL hack

Kaspersky denies leaks after SQL hack

Summary: Russian antivirus vendor Kaspersky Labs' US website was hacked over the weekend exposing the company's customer database, but Kaspersky has denied data was compromised and says the vulnerability wasn't critical.

SHARE:
TOPICS: Security
0

update Russian antivirus vendor Kaspersky Labs' US website was hacked over the weekend exposing the company's customer database, but Kaspersky has denied data was compromised and says the vulnerability wasn't critical.

An unidentified hacker reported over the weekend that he was able to access a complete profile of the company's databases, revealing its clients' names, activation codes, list of bugs the company tracks, and client email addresses.

The hacker claimed to have hacked Kaspersky Lab's databases using an SQL injection attack, which exploits a vulnerability in an application's database layer.

The method has become a popular means to gain information via web-facing applications or as a way to use popular websites to spread malicious software.

Microsoft's UK website came under a similar attack in 2007 when hackers used an SQL injection to inject HTML code which seemingly defaced its web pages.

The Kaspersky hacker, who published their finding on the Hackersblog.org website, has since said that confidential data would not be released.

"[The] Kaspersky team doesn't need to worry about us spreading their confidential stuff. Our staff will never save or keep any confidential data. We just point our fingers to big websites with security problems," they reported.

Kaspersky Labs has admitted that a subsection of its usa.kaspersky.com domain was vulnerable last Saturday when a hacker "attempted an attack on the site".

"The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site," a spokesperson for the company said in a statement.

Topic: Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion