Vupen Security denies it's been hacked

07.06.2012
The CEO of French vulnerability research firm Vupen Security today dismissed reports suggesting hackers had broken into the company's systems and stolen information on as many as 130 zero-day vulnerabilities.

In response to a Computerworld query, Vupen CEO and chief hacker Chaouki Bekrar said the reports of the compromise are incorrect. "Nothing happened at all. We're safe," he said.

Bekrar's comments echoed a tweethe sent out late Wednesday night in which he called the rumors "totally false and pure troll."

It's unclear how speculation of the breach started. Many reports pointed to a brief post by security blogger Kevin Townsend that talked about Vupen being hacked and data on the zero-day flaws leaked. The report was picked up by other blogs and tweeted widely on Twitter.

A breach at Vupen, if true, would have wide impact. The company is widely regarded as one of the top vulnerability research firms in the business. Most recently, the company placed first at the Pwn2Own 2012 security event where it cracked Microsoft's Internet Explore 9 browser and Google's Chrome in two days.

Vupen is heavily focused on finding and exploiting unpatched bugs in leading software products. The company sells its vulnerability and exploit information to security vendors, governments, law enforcement agencies and to corporations to help them secure their systems against the flaws.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.