Yet another major security vendor has had a customer database
accessed by hackers.
Hackers have accessed customer details from a Portuguese partner
site associated with BitDefender.
Last weekend, a
hacker broke into Kaspersky Lab's US support website. A
programming flaw left the site open to SQL injection attacks.
As a result, the hackers could potentially have accessed around
2,500 customer e-mail addresses and thousands of product activation
codes.
Details of the BitDefender attack were posted on the
hackersblog.org website,
which reports website security gaffes.
And with the dust barely settling in the wake of the Kaspersky
and BitDefender hacks, Hackersblog.org now says it has also
discovered SQL injection and cross-site scripting vulnerabilities
in security firm F-Secure's site.
The BitDefender hackers used SQL injection to access personal
customer details and email addresses.
SQL injection involves inserting database commands into web-based
forms or URLs to try to steal data held in back-end databases.
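
An added example, not from the original article or from any of the vendors named: a Python sketch using the standard sqlite3 module that contrasts a customer lookup built by string concatenation with a parameterized one. The table layout, function names and sample rows are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table of constructed sample customers."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers "
        "(id INTEGER PRIMARY KEY, email TEXT, activation_code TEXT)"
    )
    db.executemany(
        "INSERT INTO customers (email, activation_code) VALUES (?, ?)",
        [
            ("alice@example.com", "AAAA-1111"),
            ("bob@example.com", "BBBB-2222"),
            ("carol@example.com", "CCCC-3333"),
        ],
    )
    return db


def lookup_vulnerable(db, email):
    # Flawed: the request value is pasted into the SQL text, so quote
    # characters inside it are parsed as SQL syntax instead of as data.
    query = (
        "SELECT email, activation_code FROM customers "
        "WHERE email = '" + email + "'"
    )
    return db.execute(query).fetchall()


def lookup_parameterized(db, email):
    # Fixed: the value is bound to a placeholder and is never parsed as SQL.
    query = "SELECT email, activation_code FROM customers WHERE email = ?"
    return db.execute(query, (email,)).fetchall()


# Constructed inputs: an ordinary value and one that contains SQL syntax.
NORMAL = "alice@example.com"
CRAFTED = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable),
                     ("parameterized", lookup_parameterized)):
        print(name, "normal:", len(fn(db, NORMAL)), "row(s)")
        print(name, "crafted:", len(fn(db, CRAFTED)), "row(s)")
```

With the concatenated query the crafted value changes the WHERE clause and every row comes back; with the bound parameter the same value is compared as a literal string and matches nothing.
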
BitDefender said it shut the affected site after the
vulnerability was found. It says no customer financial data was
exposed.