Audit: No customer data exposed in Kaspersky breach

Publish date: 14-02-2009

An independent audit of a data breach at security firm Kaspersky's U.S. Web site has confirmed that no customer data was exposed, Kaspersky said on Friday.

A Romanian hacker site used a SQL injection and cross-site scripting attack to get access to a database on a Web site of the Moscow-based Kaspersky and publicized the attack on Saturday.

Kaspersky announced on Monday that it would hire database security expert David Litchfield to analyze the breach.

In the report, Litchfield concludes that an attacker based in Romania used Google to search for Web servers owned by Kaspersky running applications that may be vulnerable to a SQL injection attack, launched an attack, and attempted to gain access to customer data, but failed.

"This caused a number of other attackers from various locations to probe the site further," the report said. "None of these follow-up attackers accessed any customer data either."

The report was delivered to Kaspersky on Thursday.

The same HackersBlog site also launched subsequent SQL injection attacks on Web sites of two other security firms, BitDefender and F-Secure.

news.cnet.com
