Kaspersky Customer Database Hacked :-O

Discussion in 'other security issues & news' started by hawki, Feb 8, 2009.

Thread Status:
Not open for further replies.
  1. Iam_me

    Iam_me Registered Member

    Joined:
    Feb 6, 2009
    Posts:
    89
    It's not too big of a deal..
    NASA gets hacked, CIA, everyone and now kasp..

    Let's just hope they learn from this! :-* :-*
    I bet it won't happen again in a very long time..
     
  2. thathagat

    thathagat Guest

    sadly...the price is mainly paid by the site owners.....fending the brickbats...swallowing the embarrassment....restoring the credibility....all due to some fame/adventure seeking cyber junkies.......:thumbd:
     
  3. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    So the party is getting very hot in here. Come on guys, there is no big deal. If CIA or FBI gets hacked, what the hack are you talking about. Just give these guys a break :D :D :D :D :D
     
  4. shah000

    shah000 Registered Member

    Joined:
    Oct 16, 2008
    Posts:
    3
    * Press Release from Kaspersky Labs

    http://www.kaspersky.com/in/news?id=207575747

     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,078
    Location:
    DC Metro Area
    FWIW: from IT Wire Re: Kaspersky Press Release


    "It’s a typical media statement and it’s what you would expect a company to say. It gives a reassuring message that, while acknowledging an exploit was possible, nothing happened. An attack attempt failed, Kaspersky reacted super-fast, and no data was laid bare.

    The problem is, it’s all a load of crock.

    First, the hacker who reported the vulnerability – unu – did more than just “attempt” anything. The screenshots given show a successful breach of the Kaspersky web site.

    Further, unu lists all the database tables used by the site. It is a bald-faced lie to say no data was compromised. Perhaps a more accurate wording would be that nobody who accessed the site chose to publicise the data they saw. That’s quite different to “no data was compromised.”

    In fact, Kaspersky are being duplicitous when they say the site was only vulnerable for a brief time, and moreso when they say the vulnerability was eliminated within a rapid time frame.

    Firstly, the vulnerability has existed – whether known or not – since the time the version of the website compromised by unu had been put into production.

    Secondly, according to an administrator at the hackerblog web site that unu used to publish the vulnerability, unu had only gone public after many failed attempts to get Kaspersky to take the matter seriously.

    It transpires unu sent e-mails to info@kaspersky.com, forum@kaspersky.com and webmaster@kaspersky.com days earlier. Nobody from Kaspersky responded and nobody patched the site.

    Finally, unu posted a description of the problem with accompanying screenshots and only then did Kaspersky react. Even then, it wasn’t swift. According to The Register other people were able to reproduce unu’s exploit based on the information presented in the blog posting, announcing that it was active the entire day following unu’s announcement."

    http://www.itwire.com/content/view/23118/1231/
     
  6. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
    You're wrong completely, that did happen a 3rd time now.
     
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,078
    Location:
    DC Metro Area
    From Kaspersky Press Conference of this PM:

    According to the company, the problem was due to the site not properly validating user input. Roel Schouwenberg, senior anti-virus researcher at Kaspersky, confirmed that the names of the tables are accurate. However, having the names of the tables does not mean the hacker actually accessed them, he noted.

    He added that no credit card data was stored on the server targeted by the hacker, though there were about product activation codes as well as 2,500 e-mail addresses for people who signed up for a product trial.

    “This shouldn’t have happened,” he said, adding he was worried about the impact the hack would have on Kaspersky’s reputation.

    The vulnerable code the hacker took advantage of to launch the attack was developed externally and did not go through Kaspersky’s normal code review process, Schouwenberg conceded.

    To further reassure customers that no data was actually exposed, the company has hired well-known database security expert David Litchfield of NGS Software to perform an independent investigation of the incident.

    http://www.eweek.com/c/a/Security/Kaspersky-Lab-Pours-Cold-Water-on-Claims-of-Data-Breach-By-Hacker/
     
  8. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    I have to disagree. Surely the virus writers and hackers are not a good group of people, but where do you think the reputation of Kaspersky comes from? By fighting these bad guys! It's a war between virus and antivirus authors. Like in a real war, bitching about how bad your enemies are just shows how weak you are. So here I don't think it's good reasoning to blame the so-called cyber junkies. You have to face the reality.

     
  9. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    Well, they've admitted it, that's good.
    Of course I don't believe them regarding the credit card data. Time will tell.
     
  10. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I thought Kaspersky purchases were made through a 3rd party, element 5 or other companies that offer the same service to vendors, and as such no or very few credit card details would have been held by Kaspersky??
     
  11. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    You don't believe them but the fact is all purchasing/cc data is handled on a completely different server/system by their payment processor, which depending on where you are is arvato or element 5. The credit card data would not be stored in the database that was subject to attack.
     
  12. EsoxLucius

    EsoxLucius Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    125
    Location:
    Bucharest, Romania
    BitDefender website from Portugal is OK, it was a reseller website not a BitDefender website, that means another database and CMS is used. Also there is an ongoing audit on the partner site to give them a heads-up in case there are other exploitable sites.

    There are so many comments about these issues, but I don't really see the problem. I see everybody is trying to link a website and the security on that with the quality of the software and it doesn't make sense.
     
  13. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
  14. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
  15. Oldjim

    Oldjim Registered Member

    Joined:
    Sep 7, 2005
    Posts:
    99
    From here Kaspersky Forum
     
  16. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,078
    Location:
    DC Metro Area
  18. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    KL has released a further statement on this incident, including comments from David Litchfield: http://www.kaspersky.com/news?id=207575753
     