Antivirus maker Kaspersky Lab acknowledged that its customer databases had been hacked, and that the hack had been in place for 11 days without Kaspersky's awareness.Adding embarrassment to injury, Kaspersky Lab made the hack public after learning of it through a public posting on a hacker's blog.

The same blog has claimed a hack of another security vendor, Portugal-based BitDefender.

The allegedly Romania-based SQL injection attack targeted Kaspersky's new U.S. support Web site, just launched on January 29.

While Kaspesrky described the problem as an unsuccessful hacker attack, the company has also been refreshingly red-faced in public statements about the problem.

(BitDefender has been more reticent, releasing no statements as of this posting.)

As far as the database hack, a Kaspersky official stated,"This is not good. It should not have happened."

No, it shouldn't, and the fact that no user information, evidently, was stolen, shouldn't deflect the hard thinking that sn AV-maker hack will prompt.

Kaspersky is a good company, with solid products and a fine reputation. This problem will, one assumes, affect that reputation for awhile at least. But the company should be able to ride it out.

Particularly if, in addition to tightening its defenses and, as it has promised, thoroughly auditing all of its sites and digital resources, the company turns its red face into a red flag, reminding everyone that the attack was admittedly a result of poor quality control, and continuing to be upfront about how it happened, how it could have been prevented from happening, and the lessons everyone can learn from the procedures Kaspersky puts into place to prevent such a situation from happening again.