Kaspersky, Bit Defender, Facebook Hacked – Databases Exposed – SQL Injections

by on February 9th, 2009


Recently Kaspersky, Bit-defender, Face book websites were attacked via XSS and SQL Injections and their databases were exposed. Screen shots about their vulnerability and database tables were posted over internet.

Kaspersky is one of the leading companies in the security and antivirus market. Their website is down right now (9 feb 09, 6:42 pm) as I checked it, which was hacked recently. They are in maintenance mode. It seems as though they are not able to secure their own data bases. The companies who claim to secure our computers are not secure themselves. Seems incredible but unfortunately, its true. Through SQL injection some hackers were able to expose users, activation codes, lists of bugs, admins, shop and many more tables of their database. This is just a security alert though. No loss to customers and company as I suppose because the team involved is saying that their purpose is to alert the big companies about security measures. They have posted all the names of the tables in database though. Now I suppose we will see the new secure Kaspersky website. I have used myself this antivirus for quite a long time and then I had shifted to another one.

Kaspersky US Website Hacked

Bitdefender has the same problems. They were injected too.

Facebook, a website with an estimated of 5 to 10 Million in US Dollars, a number of 250-1000 employees, a website ranked number 8 GLOBALLY by alexa.com’s traffic standards, was not capable of securing their data base. Millions of accounts, email addresses and passwords up for grabs by anyone. Not only is the website vulnerable to sql injection but it also allows load_file to be executed making it very dangerous because a writable directory can be found and injection a malicious code we get command line access with wich we can do virtualy anything we want with the website: upload phpshells, redirects, INFECT PAGES WITH TROJAN DROPPERS, even deface the whole website.

Facebook Hacked

This is done via XSS (Cross Site Scripting) attacks and SQL injections. Using this technique hi5.com and yahoo were also affected via “evil” iframe.


I believe that there is a PINGU behind every hacking attempt. We are all unsafe…
If the security companies are…we surely are as well!!! Omg!!!
Going to back up all my websites, right now! BRB!!!

14 Reviews

  1. Hiroshi says:

    SQL injection is evil though. I lost much once I was attacked. Got me much time to take things back up. Even my Host refused to help me then. They were suggesting sites to go there and learn to secure yourself from SQL injection. But that guy kept attacking my sites before I could do anything and Host kicked me off. That’s a sad story. Beware and stay secure. Give a reading about SQL injection attacks. Every website owner should learn the defensive ways against this.

  2. Hiroshi says:

    You know when I started using internet (way back – 2002 – I used to chat a lot – And I was after chicks. Got no luck.) , I used to hack hotmail account passwords of my friends for fun and then tell them that I know the password. They used to freak out. That was fun. I used a script which is obsolete now of course because everything has been updated. Security has been tight everywhere. That was .ASP script. And I’m a PHP developer. Hotmail is lucky that it is not on PHP. lol…
    Above mentioned resources were from a blog. They used to do white hacking and tell the owners that they have security issues. Now they have stopped that work too.
    May be some authority told them to “Just! STOP it.”
    Hacking is a waste of time seriously. Instead now people do real things. Who cares about hacking stuff while they can put their energies in some real programming and developing stuff.

  3. Hiroshi says:

    @shezrulezz SERVER ERRRRROR: Okay! I thought, we had a famous hacker aboard.

  4. shezrulezz SERVER ERRRRROR says:

    oooooooooooooooooh brother dont think negative….
    i get this from one popular web blog..(about 25,000 activation keys handled hackers)
    via sql injection

  5. Hiroshi says:

    @shezrulezz SERVER ERRRRROR: Not a big deal? Ow! If he made it to the structure of database then he could have browse the data also. He would have been the luckiest and happiest guy in the world to have 25,000 activation keys of Kaspersky….Wait a minute! How do you know that there were 25,000 activation keys.

  6. shezrulezz SERVER ERRRRROR says:

    about kaspersky is not a big deal…..
    The hacker only managed to get access to the structure of the database; a more skilled attacker may have been able to get to the data itself. That would have exposed 2,500 customer e-mails and around 25,000 activation codes for Kaspersky’s security products.

  7. Jimmy says:

    Security measures are necessary now a days, for every website/blog/forum. What measures you take to secure your blog?

  8. Andrew Clerk says:

    The bitdefender portugal website isn’t maintained or created by bitdefender, i know that the bitdefender websites use an bitdefender developed cms, or something like that.

  9. Dj says:


  10. Aubi says:

    O! please, Not the Facebook. What next?

  11. Sarfraz says:

    That’s funny. Security threat for companies who make security softwares. They might launch a website security version soon.

    Kaspersky Website Security 2009.
    Kaspersky PHP Guard 2009.
    Kaspersky Database Security 2009.
    Bits of Website Defender 2009.
    Bits of mySQL Defender 2009.

    :D wow, I am creative with the naming. lol.

    Your blog might be Digg proof, but can anybody say that his blog is XSS proof?

  12. Raza says:

    Test code by XSS Vulnerability Scanners and see http://phpsec.org for security information related to php programming.
    Try http://www.phpmagicbook.com for good php programming codes and tutorials.
    Thanks for alert. I use Panda antivirus. Never used kaspersky yet. The customers who purchased kaspersky with credit cards might be in trouble though :)

  13. Zeus says:

    XSS attacks have been common. If the website will not be secure enough, vulnerable to SQL injections, then it will be owned, one day or another. Programmers must use safe code and strict validations while writing code.