In association with heise online

09 February 2009, 13:37

Kaspersky hack: Kaspersky respond [Update]

In response to reports that the Kaspersky web site had been leaking information, Kaspersky has released a statement which reads "A vulnerability was detected on a subsection of the domain when a hacker attempted an attack on the site. Upon detection of the vulnerability Kaspersky Lab USA immediately took action to roll back the subsection of the site to eliminate the risk". The response claims that, as this was an attack on the US site, UK users were unaffected. Kaspersky also said "It is important to stress that the attack did not have a malicious end and no data was exposed due to the vulnerability".

The claim that no data was exposed is disputed by the hacker who performed the attack. According to The Register, the hacker, going by the name unu, had originally uncovered the vulnerability some days before and had been trying to contact Kaspersky. It was only when he received no response from Kaspersky that he went public. The only reason that no data was compromised was that the hacker didn't store it. Usernames, emails, passwords, codes and MySQL credentials were among the information that is reported to have been visible to the hacker.

Update: A member of the team at Kaspersky who dealt with the incident has now posted more details, noting that although the hackers obtained the database schema, they failed to execute any queries which retrieved user details or modified the database. The posting concludes with "We are lucky the hackers proved to be more interested in fame than in causing damage" before reminding people that secure web development is important for everyone.

