(WEB HOST INDUSTRY REVIEW) — Security solutions provider Kaspersky Lab (www.kaspersky.com) has confirmed that no sensitive data was compromised during last Saturday’s hack of its usa.kaspersky.com domain, where several attackers with IP addresses from Romanian ISPs launched an SQL injection attack on the support section of the site.
The attackers exploited a vulnerability in a new version of the support site, which was rolled out at the end of January.
Following the attack, the attackers alerted Kaspersky via several public email boxes, giving the company one hour to respond.
Despite not receiving a response, the attackers posted on their blog that they had attained “personal details” and “activation codes” from the site.
Kaspersky Lab’s web security team ran a thorough analysis and found that no activation codes or personal data were stolen as a result of the attack.
The company issued this statement on its website regarding the attack:
“At no point was customer data accessed. On the Saturday, the attacker published the fact that the usa.kaspersky.com web site was vulnerable to SQL injection. This caused a number of other attackers from various locations to probe the site further. None of these followup attackers accessed any customer data either. On hearing of the threat, Kaspersky immediately took down the vulnerable web server, preventing further and deeper breaches.”
The company immediately responded to the issue once it was notified, and repaired the vulnerability.
Fortunately, the attack did not seem to affect any of Kaspersky Lab’s other websites or the ecommerce sections on these sites.
Kaspersky Lab says it was fortunate that “the hackers proved to be more interested in fame than in causing damage,” adding that security should always be a key priority when companies are developing websites and that they should check and re-check their processes and code.
The company is currently auditing all official Kaspersky Lab sites and developing additional internal review procedures to ensure the safety of its sensitive data in the event of similar attacks in the future.
In other security-related news, earlier this week, the Federal Aviation Administration revealed that hackers breached its network and gained access to the private information of its employees.