A hacker gained access to security firm Kaspersky's US website and hundreds of customer details after exploiting a SQL flaw on the site.

The hacker, known as Unu, also gained access to personal information of hundreds of Kaspersky customers, including user accounts, and activation codes. Details of the attack were posted on the Hackersblog forum.

Kaspersky told The Register: "On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site".

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

"The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site."

Unu told The Register that he has warned Kaspersky about the flaw but has never had a response.

Another hacker from the forum said: "This vulnerability could have been critical if it were to be exploited by someone bad intended because several sensitive informations could have been extracted, like usernames, emails, passwords, codes, mysql users & passwords, etc."

See also: Barclays' mobile users get free Kaspersky security