Two Official Kaspersky Websites Hacked

Recommended Posts

Two Official Kaspersky Websites Hacked

Customer info and product keys exposed

By Lucian Constantin, Web News Editor

10th of December 2009

A grey hat hacker has found a critical SQL injection weakness on the official Kaspersky Lab websites in Malaysia and Singapore. Exploiting the vulnerability leads to full compromise of the underlying database, which contains customer information, product keys and other sensitive data.

The attack has been documented by a Romanian hacker calling himself "Unu" ("one" or "someone" in Romanian). The self-confessed security enthusiast specializes in finding SQL injection vulnerabilities on high-profile websites belonging to well known IT companies, antivirus vendors, banks, media outlets or public institutions.

Unu's rise to fame on the Internet ironically began in February 2009, when he hacked Kaspersky Lab's U.S. support site and gained access to the customer database. Following that highly publicized incident, Kaspersky hired world-renowned database security expert David Litchfield to perform an audit on all websites run by the company.

Story & screenshots at Softpedia - http://news.softpedi...ed-129420.shtml

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.