Hackers break in to BitDefender's customer database

Yet another major security vendor has had a customer database accessed by hackers.

Hackers have accessed customer details from a Portuguese partner site associated with BitDefender.

Last weekend, a hacker broke into Kaspersky Lab's US support website. A programming flaw left the site open to SQL injection attacks.

As a result, the hackers could have potentially accessed around 2,500 customer e-mail addresses and thousands of product activation codes.

Details of the BitDefender attack were posted on the hackersblog.org website, which reports website security gaffes.

And with the dust barely settling in the wake of the Kaspersky and BitDefender hacks, Hackersblog.org now says it has also discovered SQL injection and cross-site scripting vulnerabilities in security firm F-Secure's site.

The BitDefender hackers used SQL injection to access personal customer details and email addresses.

SQL injection involves inserting commands into web-based forms or URLs to try and steal data held in back-end databases.

BitDefender said it shut the affected site after the vulnerability was found. It says no customer financial data was exposed.