Infosecurity (USA) - Kaspersky site hacked over weekend

Anti-malware vendor Kaspersky's site was hacked over the weekend, using an SQL injection attack. While admitting that the site was vulnerable, Kaspersky is denying that the vulnerabiity was critical. The hacker nevertheless listed what he said was the full set of tables from the firm's MySQL database.

A post on a hacking blog claimed to show images of the site being hacked by changing parameters in the URL.

"Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own data bases," said the poster. "Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc."

"A vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site," the company responded in a statement over the weekend. "The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn’t critical and no data was compromised from the site."

Comment on this article

You must be registered and logged in to leave a comment about this article.

Related Stories

News

Kaspersky site hacked over weekend

Comment on this article

Members' Login

Not a member?