Skip to main content

Kaspersky Lab Confirms Website Attack; Verifies No Data Was Compromised

February 1, 2009

Kaspersky Lab Confirms Website Attack; Verifies No Data Was Compromised

The usa.kaspersky.com domain was attacked on Friday, February 6, 2009. The attack occurred when a SQL injection attack was launched on a subsection of the site, the support site. A vulnerability was in the code of the support site when a new version of the site was rolled out at the end of January. The attack was successful in penetrating the support site, but it was unable to take data from the site and as a result no data was compromised.

 

Upon notification of the vulnerability, company personnel took immediate action to address the issue, and the vulnerability was remediated within 30 minutes of notification. The attack was not able to access to any other portions of any other Kaspersky Lab sites – including ecommerce sites.

 

The company’s experts are currently investigating the incident and to go a step further have hired Next Generation Security Software’s David Litchfield to further investigate. Upon completion, the results of Litchfield’s report will be made public.

 

Kaspersky Lab recognizes the fact that this attack could have had much more serious ramifications and is doing an extra-thorough security audit of all official Kaspersky Lab sites and developing additional internal review processes to ensure the company’s corporate resources are protected from similar attacks in the future.

 

It should also be noted that Kaspersky Lab’s core competency as a company is developing anti-malware solutions and our research and development is a different group from our web developers, therefore the quality of the solutions we deliver has not been compromised in any way.

Kaspersky Lab Confirms Website Attack; Verifies No Data Was Compromised

Kaspersky Lab Confirms Website Attack; Verifies No Data Was Compromised
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases