Moscow-based computer security company Kaspersky Lab found itself in a sorry state when its U.S. Web site was hacked. The security vendor reported that a hacker used a simple SQL injection attack to obtain listings of tables on its site and posted them.
According to Kaspersky Lab, the U.S. Web site, usa.kaspersky.com, was hacked via a simple SQL injection attack by the hacker Unu, who posted screen shots as well as a list of tables to a blog on Feb. 7. The hacker executed the attack by accessing the secret username and password information.
In a blog posting on hackerblog.org, the hacker wrote, "Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own databases. Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc."
Responding to the attack, Roel Schouwenberg, the senior antivirus researcher for Kaspersky Lab, said, "The company immediately contacted the right people, shut down the vulnerable part of the Web site within 15 minutes and reinstated the old version of the support site."
Schouwenberg explained that the attack on usa.kaspersky.com, a site developed partly by the company and partly by a third party, happened because they neglected a processing error that led to a lack of proper scrutiny. Schouwenberg said, "We could have done more on our side to still catch the vulnerability. We're doing our best to improve our process further and be stricter and prevent this kind of thing from happening again."
According to Kaspersky researchers, Unu, found to be from Romania, did break into their site but could only lift the names of the tables. The hacker could not lift any sensitive data, such as e-mail addresses or activation codes.
Schouwenberg said that customer credit card information was not available on the site, as it is handled by a separate third party. "He tried to get access to some of the content of these tables, and tried to get access to actual data, but he didn't get into the folders as it were. Truth be told, if the hacker had been more advanced, he could have gotten access to some of the data he claimed he could," Schouwenberg said.
Kaspersky Lab claimed that the site was hacked while the company's executive team and high-level security researchers were out of town attending Kaspersky Lab's 2009 Partner Conference, held in Fajardo, Puerto Rico, Feb. 5-8.
Admitting the computer security vendor's negligence, however, Schouwenberg said, "This is not good for any company and especially a company dealing with security. This should not have happened. We are now doing everything within our power to do the forensics and prevent this from ever happening again."