A Kaspersky Lab technical support site was hacked late last month, exposing private customer information for 11 days, the Moscow-based security company admitted last week. The company learned of and closed the breach on Feb. 7 after it was notified by the Romanian hackers.
"This is not good for any company, especially for a company dealing with security," acknowledged Roel Schouwenberg, a senior antivirus researcher at Kaspersky, in a conference call last week. "This should not have happened."
The company had revamped the U.S. support site and relaunched it on Jan. 28. From that point until Feb. 7, the support database was open to attack, Schouwenberg said. The revamped site has now been replaced by the old version.
In a blog post, the hackers claimed that they were able to access a customer database that held e-mail addresses and software-activation codes by launching a SQL injection attack.
Schouwenberg confirmed that the database was hacked via SQL injection, but he contended that only the database's table labels were accessed, not the customer data. However, the e-mail addresses of about 2,500 customers and some 25,000 activation codes were at risk, he noted.
Source: computerworld.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment