BitDefender exposes private data and denies the fact

A recent post on the HackersBlog reported a security breach on the website of the prominent anti-virus provider BitDefender. Advanced Romanian hackers discovered that the company for the second time in a week carelessly exposed a database that is expected to stay uncompromised. In this regard the company again denied any SQL injection as it did last week when HackersBlog reported a separate vulnerability in BitDefender.pt, the authorized seller of BitDefender software for Portuguese-speaking customers.

The post on the HackersBlog advised that by means of embedding commands into the BitDefender.com URL you can make BitDefender's main website to unveil the database. A hacker by the name of Unu said that he advised of the vulnerability to the company with no response sent to him. Thereby he posted an article knowing that the company reads their blog.

When last week the HackersBlog reported similar problem about the BitDefender.pt which had the potential to expose names and email addresses of people who used the site the company just distanced itself from the issue by telling that ‘none of the sites hacked are owned or operated by BitDefender’. In fact this is an adequate reaction as long as any company wants to retain its consumers and thus any company will deny there is a problem with their service down to the wire.