Air India Star Alliance 4.5m: The U.S. Department of Homeland Security (DHS) has ordered all federal agencies to stop using software from a Russian cybersecurity company called Kaspersky Lab, citing security risks posed by the company’s close ties to the Kremlin and Russian spy services.
Now it seems more difficult than ever to avoid the issue because cybersecurity company Kaspersky Lab has just announced that one of its affiliates was hacked and up to four million personal passwords were stolen in an attack dating back to 2012.
Kaspersky Lab, based in Moscow, was founded by Eugene Kaspersky in the early 2000s and, according to The INQUIRER, is a privately held cybersecurity firm with almost 400 employees worldwide. The INQUIRER says that Kaspersky Lab began working with the Russian government in 2006 and partnered with the FSB [Russian Federal Security Service], a successor to the KGB, for cyber security services.
In a blog post on Tuesday, Kaspersky Lab acknowledged that “an unknown” hacker or hackers were able to break into one of its affiliate companies and gain access to the usernames and passwords of some four million users.
No credit card information was stolen in the incident, but the company said that the hack occurred between May and July 2012, which means that it could have included some customers who long ago canceled their accounts.
“The data was clearly obtained from the infected computers of customers of the company’s affiliate company located in Russia,” said Inna Churkina, Chief Security Officer at Kaspersky Lab.
Kaspersky Lab did not, however, disclose how many of its customers were affected by the hack, nor did it say whether any data was encrypted or otherwise protected. The security firm said that it has now notified all those whose data was stolen and has set up a special web page with information on how to protect oneself.
This is not the first time that Kaspersky Lab has had to deal with hacking attacks. The INQUIRER says that in February 2015, the Kaspersky Security Network (KSN) detected a user’s computer in Russia being infected by malware called ‘Pitty’ and, two months later, Kaspersky Lab researchers spotted an attack using the same exploit on machines located in India.
The security firm has also flagged up other cyberattacks throughout 2015, including “Aurora” and “Duqu 2.0,” which according to The INQUIRER are all believed to be linked to a series of attacks on Western governments and other targets.
This recent incident is not the first time that Kaspersky Lab has discovered a data breach on one of its systems. According to a ComputerWorld article, the security firm revealed on October 23, 2013 that it found a cyber-attack similar to another massive breach suffered by Adobe Systems. In the case of Adobe, hackers stole the user profile data of up to 38 million users; the 2013 breach disclosed by Kaspersky Lab affected 1.5 million customers.
In response to these breaches, the U.S. government has now issued new rules that prevent any federal government agency from using Kaspersky Lab software and services, with a specific ban on any software from the Russian cybersecurity company being placed on all systems that handle classified information.