Hacking site is 'simple job'

"It's actually a simple hacking job if they really wanted to do it," said IT engineer Mohamed Saiful Mohamed Najaib.

Mr Saiful said that customers' data was probably retrieved from the K Box website's database.

He explained that dynamic sites, such as the one used by K Box, have a database stored in a back-end server.

In this case, the hacker probably accessed the administrative interface of the website which required a log-in and password.

"The hacker doesn't need much skills. He just had to keep trying until he got in," he said.

Mr David Siah, the country manager of security software firm Trend Micro Singapore, said that there could be other factors.

These include older applications created before related security policies were instituted. These may suddenly be exposed once web interfaces are added to them.

Another possibility: Security may have been overlooked in the software development life cycle.

Mr Siah said: "As web applications, websites and browser add-ons may have vulnerabilities, an attacker with the right motivation and tools can exploit to get access to information."

He recommends good web server security maintenance. Web applications should also be coded as securely as possible.