Hackers Attack Antivirus Firm's Tech Support Site
A Kaspersky Lab technical support site was hacked late last month, exposing private customer information for 11 days, the Moscow-based security company admitted last week. The company learned of and closed the breach on Feb. 7 after it was notified by the Romanian hackers.
"This is not good for any company, especially for a company dealing with security," acknowledged Roel Schouwenberg, a senior antivirus researcher at Kaspersky, in a conference call last week. "This should not have happened."
The company had revamped the U.S. support site and relaunched it on Jan. 28. From that point until Feb. 7, the support database was open to attack, Schouwenberg said. The revamped site has now been replaced by the old version.
In a blog post, the hackers claimed that they were able to access a customer database that held e-mail addresses and software-activation codes by launching a SQL injection attack.
Schouwenberg confirmed that the database was hacked via SQL injection, but he contended that only the database's table labels were accessed, not the customer data. However, the e-mail addresses of about 2,500 customers and some 25,000 activation codes were at risk, he noted.
Schouwenberg said the hack was made possible by a combination of vulnerable code crafted by an unnamed third-party vendor and poor code review by Kaspersky.
Kaspersky hired Next Generation Security Software Ltd.'s David Litchfield, an expert on SQL injection attacks, to audit the systems. His report, delivered Feb. 12, confirmed Kaspersky's findings.
This version of this story originally appeared in Computerworld 's print edition.
Got something to add? Let us know in the article comments.