Kaspersky Lab and BitDefender websites hacked
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Hacker embarrasses IT security firms with seemingly simple breach
UPDATE: Thanks to our commenter below who points out it that was the website of a BitDefender affiliate, not the actual company itself, that was hacked
A Romanian ‘white-hat’ hacker has successfully hacked into the websites of Russian IT security provider Kaspersky Lab and an affiliate of US antivirus vendor BitDefender.
According to a group called the Romanian Security Team, the hacker achieved full access to the database supporting the websites – which includes customer data – by simply altering a parameter in the URLs. They also found that they could perform SQL injections, remotely introducing harmful code into the database.
The group behind the hack say they have alerted the two companies of the security flaw. They have not exposed any of the data they found.
"On Saturday February 7 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site," Kaspersky said in a statement.
You can read the hacker's explanation of the fault here and here.
usa.kaspersky.com belongs to kaspersky but BitDefender.pt is a partner site and it is not created or maintained by BitDefender so it's really not the same thing.
Report this comment »