Kaspersky Customer Database Hacked :-O

http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/

 

Hope it gets fixed soon

 

Quite embarassing if it's true

 

im surprised there isnt any posts on the KL forum.
at least i cant find one.
this is really bad if true but can happern to any company.

 

,
Gunter Ollmann, the chief security strategist at IBM Internet Security Systems, is certainly in no doubt over the seriousness of the claim, warning "...this type of critical flaw can probably be used to usurp legitimate purchases and renewals of their products - which could include the linking to malicious and backdoored versions of their software - thereby infecting those very same customers that were seeking protection from malware in the first place."

http://www.daniweb.com/blogs/entry3943.html

 

Well this doesnt sound good, hopefully they get things fixed up quick

 

I don't care about the license,did they get emails and passwords of accounts ?
This sucks

 

yeah it can happen to any company.....but not like kaspersky!

 

The "white hat" hacking blog where this was first reported by the successful hacker has an extensive list of the tables available to the hacker. (a link to that site and the original blog post is given in the Register article in the OP)

In that blog post there are several screen shots. One shot shows the following tables:ID, username, email, passwd, homepage, last seen, activated.....

 

You're not kidding it is it hardly breeds confidence that they can protect your system,if they can't even keep their own data safe.

 

Thanks.I noticed it now.I'm gonna have a busy Sunday .

 

Good luck to kaspersky customers..
they need to change their passwords at least.

 

We have two screenshots and some hype curtosey of el reg as they do with any story. Apart from that they are not claiming to have any solid proof or facts of a breach of personal data.

If a breach has occured I am sure Kaspersky will issue a statement in due course.

Thirdly if a breach has occured I wouldn't be completely surprised....even the most powerful secret services and biggest security vendors in the world have website defaced/breached at some point. Although very embarrasing and potentially damaging I doubt anyone can claim to be invulnerable to attack.

 

if true, lets just hope they get it fixed and sorted as quickly as possible.

i aint a user of Kaspersky, but nobody can be happy this has happened, unless your about 5 years old on some powertrip to create shock n awe to the competition.

sure its embarressing 'if' it has happened, but im sure it really could happen to any of them, and id be pretty peed off if it happened to me.

so, hope the Kaspersky guys sort it all out soon

 

As someone said, it could happen to any other security vendor. But, AFAIK, this is the second time someone hacks into Kaspersky. Not so long ago, a hacker managed to get into their Malasian's affliate.

Isn't 1 time enough? Does it need to happen a 3rd time?

This only brings bad publicity to a security vendor. After all, if owning a company and wanting to protect my systems and data, would I trust in a security vendor, that cannot protect their own? This would lead me to reconsider...

I just hope Kaspersky won't let it go to a third strike.


Regards

 

so true.........

 

It's not about this really.During time Hackers managed to enter more "secured "places than kasperky web page.
I want to see what will kapersky do about this.

 

hey,
i have never got why the "whitehats" report about this and show evidence.
why not contact kaspersky directly and get it sorted out first?
surely that would minimize any data leaking out?

 

IMO not a very professional White Hat....

Fax

 

yes, it is a shame.

 

How does a breach on the website have anything to do with the protection abilities of the software?

 

I don't think its as bad as it seems. I do not believe you can change the cabinet password or username, unless i haven't found the option yet. The username and passwords are made up of just a random bunch of numbers. Sure the hackers would get emails but its not as bad as the phpbb forums hack where people got passwords/usernames/emails stolen.

 

I'm sure KL doesnt intend for it to happen

 

It does in the sense that if a security company has not exercised the level of care and competence necessary to protect its own website and customer data can it be expected to do any better in designing and maintaining its software programs.

.

 

um mm....it seems kaspersky is so busy protecting others that they forgot to protect themselves.......