Hackers have reported breaches of three security firm websites
this week in postings on the
HackersBlog site.
In the latest name-and-shame attack, hackers used SQL injection
and cross-site scripting methods to access data on a site belonging
to Helsinki-based security firm F-Secure.
"Fortunately, F-Secure does not leak sensitive data, just some
statistics regarding past virus activity," the posting on
HackersBlog said.
As with similar attacks on the websites of security firms
Kaspersky and partner BitDefender, F-Secure said the breach was
limited, with no impact on customers or partners.
At the weekend, a blog posting revealed a hacker was able to
breach
Kasperky's US website and databases containing customer
details.
Days later, another
posting said, "Kaspersky are not the only ones who need to
secure their database. Bitdefender has the same problems."
After the initial posting revealing vulnerabilities on
Kaspersky's US website at the weekend, HackerBlog said the breach
was not malicious.
"Our staff will never save or keep any confidential data, we
just point our fingers to big websites with security problems," the
posting said.