Security company Kaspersky Lab suffered a major database breach that lasted for more than 10 days, according to a blog post by a hacker calling himself Unu. Although admitting to the security breach, Kaspersky said on Monday, that the attack was unsuccessful, and that the hackers were unable to gain access to restricted information on their website.

 

But if we look at the hackers’ blog, it says completely otherwise: Kaspersky is one of the leading companies in the security and antivirus market but it seems as though they are not able to secure their own databases […]. Alter one of the parameters, and you have access to everything: users, activation codes, lists of bugs, admins, shop, etc.

 

Kaspersky Lab on the other hand said the hackers’ claims are not true, and therefore they did not gain access to user data. Furthermore, the vulnerability that affected the usa.kaspersky.com website did not affect any other Internet resource.

 

The company said experts are currently investigating the incident. In addition to that, Kaspersky Lab also confirmed it is conducting a security audit on all of its websites, and developing technical and legal measures to protect the company’s resources from similar attacks in the future.

 

Despite Kaspersky Lab’s claims of an unsuccessful attack, the same hackers eported that BitDefender had the same problem. Both attacks used an SQL injection, a method that appears to have increased in popularity among hackers in 2008, according to estimations by IBM.