
Kaspersky website hacked, customer activation codes exposed

Customer email addresses and up to 25,000 activation codes were exposed on a server for 10 days, the antivirus vendor said.

A Romanian hacker broke into a custom-built, U.S.-based Kaspersky Lab support website on Saturday, exposing a server containing thousands of customer email addresses and up to 25,000 activation codes.

Kaspersky's Roel Schouwenberg, a senior research engineer, said the company was conducting a full investigation into the matter. Initial analysis showed that the hacker accessed no data files, he said. The Russian-based antivirus company hired high-profile database security expert David Litchfield to conduct an independent audit of its systems.

"This is not good for any company, especially a company that deals with security," Schouwenberg said. "This should not have happened and now we're doing everything in our power to do forensics in this case and prevent it from ever happening again."

SQL injection attacks:
SQL injection has been the most common attack method among hackers recently and users can expect attacks against newer programming languages such as Flash and Java to increase over time, experts say. 

Jacob West, security group manager of Fortify Software, said that Flash, JavaScript, and a collection of Web 2.0 technologies are now at a greater risk for vulnerabilities because their software is running on end-user machines rather than a server. Individuals or IT professionals who process data on the client side in Web 2.0 technologies must be extra careful about where they execute the validation, West said.

Kaspersky's support website is the central portal for home and business users to access technical support documents and a help forum. Schouwenberg said it was custom built and went live in the U.S. on Jan. 29. The website contained a coding error, which was attacked by the Romanian hacker, known as Unu, via SQL injection.

"Something obviously went wrong with our internal code reviewing process," Schouwenberg said.

Once the flaw was successfully exploited, the hacker could have gained access to a server that contained about 2,500 email addresses and thousands of activation codes, Schouwenberg said. The server contained no credit card numbers or sensitive customer account data, he said.

Details of the attack were posted on the Hackersblog.org forum, where the hacker claimed to have gained access to the customer data and user accounts. The hacker said he notified Kaspersky in advance of his attack, but received no response. The hacker also claimed to have exploited a similar vulnerability in BitDefender's Portuguese website.

Schouwenberg said the company received an email an hour before the attack, giving researchers little time to respond to the vulnerability. The site was taken down about 30 minutes after details of the attack leaked. It was repaired and back online early Sunday morning.
