Antivirus Company Admits Site Hacked, Exposed for 11 Days

Kaspersky Lab, one of the most prominent antivirus companies on the web, has admitted that its web site was breached by hackers for almost eleven days. Despite the Moscow-based company's claim that its software is the most secure on the web, it reportedly didn't know its own site had been breached until the Romanian hackers behind the attack told them so.

Knowledge of the hack was made public on the weekend when the hackers, who are at this time only rumored to be Romanian, bragged about it in a blog posting. They claimed to have used an SQL injection attack to access Kapersky's United States support site and from there could roam free within the company's customer database. There they could peruse all the customer email addresses and activation codes they liked.

In an interview yesterday, Kaspersky senior antivirus researcher Roel Schouwenberg admitted that the situation was certainly embarrassing. "This is not good for any company, especially for a company dealing with security," Schouwenberg lamented. "This should not have happened." (Source: computerworld.com)

Despite their red faces, Kaspersky is adamant that the hackers failed to access customer data. "No real data has been accessed, and no data was revealed," Schouwenberg emphasized. Of course, it's possible the hackers just weren't that interested but could have had their fill of customer data had they desired. (Source: theregister.co.uk)

Schouwenberg was borderline antagonistic in his claim that only Kapersky's database table labels, and not customer information, had been accessed. "A more advanced hacker could have gotten access to the information...including activation codes for the product and email addresses. But that didn't happen."

Although Schouwenberg admitted that his company was partly at fault because of poor code review, he also lumped blame on an anonymous third party vendor who he believes crafted vulnerable code. "We could have done a bit more to protect ourselves," was the extent of his admission.

It will be up to Kapersky to reclaim their reputation in an unforgiving marketplace, but they can take solace in this: Microsoft's U.K. site was once breached by an SQL injection attack, too, and hacks of that kind are, by most accounts, on the rise.