A hacker gained access to security firm Kaspersky's U.S. Website and hundreds of customer details after exploiting a SQL flaw on the site.
The hacker, known as Unu, also gained access to personal information of hundreds of Kaspersky customers, including user accounts, and activation codes. Details of the attack were posted on the Hackersblog forum.
A Kaspersky representative told The Register: "On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site."
"The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site."
Unu told The Register that he has warned Kaspersky about the flaw but has never had a response.
Another hacker from the forum said: "This vulnerability could have been critical if it were to be exploited by someone bad intended because several sensitive informations could have been extracted, like usernames, emails, passwords, codes, mysql users & passwords, etc."
Ad Choices