The story would end here if it were not for the fact that the attack actually took place several days earlier according to an Admin at Hackerblog.com. The hacker who discovered the vulnerability only went public after receiving no response from Kaspersky.
As for the claim that no data was exposed that is also not true as a full list of the tables in the data base are listed over at hackerblog.com. The hackers responsible for finding the vulnerability stated they did not download any user data as this was not the intention of the exercise and only wanted to point out the issue to Kaspersky.
Read more here.
Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own data bases.
Seems incredible but unfortunately, its true.
Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc.
First, lets see the version, user and name of the database.