Hackers break in to BitDefender's customer database


Hackers break in to BitDefender's customer database

Antony Savvas

Yet another major security vendor has had a customer database accessed by hackers.

Hackers have accessed customer details from a Portuguese partner site associated with BitDefender.

Last weekend, a hacker broke into Kaspersky Lab's US support website. A programming flaw left the site open to SQL injection attacks.

As a result, the hackers could have potentially accessed around 2,500 customer e-mail addresses and thousands of product activation codes.

Details of the BitDefender attack were posted on the hackersblog.org website, which reports website security gaffes.

And with the dust barely settling in the wake of the Kaspersky and BitDefender hacks, Hackersblog.org now says it has also discovered SQL injection and cross-site scripting vulnerabilities in security firm F-Secure's site.

The BitDefender hackers used SQL injection to access personal customer details and email addresses.

SQL injection involves inserting commands into web-based forms or URLs to try and steal data held in back-end databases.

BitDefender said it shut the affected site after the vulnerability was found. It says no customer financial data was exposed.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy