Slashdot Mirror


Kaspersky Customer Database Exposed

secmartin writes "A hacker has managed to gain access to several databases via a SQL injection vulnerability on Kaspersky's US website. He has posted several screenshots and a list of available tables; judging from the table names, the information available includes data on bugs and user- and reseller accounts. The hacker has indicated that no confidential information will be posted on the Internet, but since a large part of the URLs used was visible in screenshots, it will only be a matter of time before somebody else manages to duplicate this."

2 of 175 comments

  1. Re:Great by aymanh · Score: 4, Insightful

    Judging from the table names in the article, it looks like they are maintaining virtually all of their data in a single database hosted on a machine that is connected to the Internet and accessible by anyone. This is a grave mistake in my opinion, regardless of whether they are using 3rd party software or not.

    --
    python>>> q="'";s='q="%c";s=%c%s%c;print s%%(q,q,s,q)';print s%(q,q,s,q)
  2. Re:Awesome by Anonymous Coward · Score: 5, Insightful

    Of course it is! With nuke plants you're merely talking about human lives. With casinos; well, there you're talking about money.

    With nuke plants, the only real motive for breaking the security from outside is for infrastructure disruption and terrorism.

    With casinos, the motive is the millions of dollars in cash moving around.

    There are far more greedy people than there are violent mass murderers.

    A man who gets bitten by a hundred stinging gnats a day will be more diligent about swatting insects than a man who sees a tsetse fly every five or six years. No matter that that one tsetse may be far more dangerous than the gnats could ever be.