The hacker who broke through the Website defenses of two prominent security vendors has claimed a third victim.
According to a posting on hackersblog.com, the Romanian attacker who launched SQL injection attacks on Kaspersky and BitDefender has now successfully penetrated the Web defenses of F-Secure, as well.
"[The F-Secure site is] vulnerable to SQL injection plus cross site scripting," the posting says. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity."
An F-Secure spokesman told news reporters the breach occurred on a low-level server that doesn't contain sensitive data, only marketing statistics. "It is slightly embarrassing as a security company that we have had the breach," said F-Secure's David Frazer, in a news report. "We certainly, as a security company, want to ensure that all of our servers are patched to the levels that they should be."
On Monday Kaspersky conceded that a Romanian hacker had launched a SQL injection attack on its newly implemented U.S. customer support site, exposing a potentially data-threatening vulnerability in its Website. The attacker did not publish any sensitive data, even though he could have gained access to it, Kaspersky said.