Symantec website suffers embarrassing security breach

November 25, 2009
by Sean P. Aune

Amazon improves Kindle battery life and adds PDF supportIf you’re a company that makes its living selling computer security software, the last thing you want to have happen is a security breach. Unfortunately, that is exactly what has happened to Symantec.

Technology news site eWeek is reporting that the Romanian hacker known as Unu has struck again.  You may remember Unu from earlier this year when he (we assume, Unu’s gender has never been specified) used an SQL injection attack to hack the Kaspersky Labs’ Web site.  Well, he’s up to his old tricks, and this time he hit Symantec’s Web site and was able to get into the customer data stored there.

As with the Kapersky Lab attack, Unu is not after stealing any actual data, he just wants to show that more safeguards should be taken with any data stored on the Web.  Not only was he able to use the SQL injection attack to get in, but he also discovered that Symantec stored the customer data in clear text, meaning that all of the data was readily readable, and ripe for the taking.

Symantec has acknowledged the attack and is working to plug the security hole Unu exposed.  The company has also said that the data that was compromised was only for customers in Japan and South Korea, and that no other territories seemed to be impacted.

At this time, we believe that this incident does not affect Symantec customers anywhere else in the world. This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec’s Norton-branded consumer products. Symantec is currently in the process of ensuring that the Web site is appropriately secured and will bring it back online as soon as possible.

While we are sure this is not how this message was meant, it does come off sounding a bit like, “Oh, well it was just Asian countries, no big whoop.”

If your bread and butter comes from security, may we humbly suggest you make sure your site is secure?  We somehow doubt this will be the last time we will be hearing from Unu.

  • Print
  • Digg
  • Facebook
  • Twitter
  • Mixx
  • Reddit
  • StumbleUpon


Related Posts:

Posted in Security | 3 Comments » Read more from Sean P. Aune

3 Responses to “Symantec website suffers embarrassing security breach”

  1. DavidB:
    November 25th, 2009

    Amazingly embarrassing, and yeah, I read it that way too.

  2. Jackie:
    December 2nd, 2009

    Great post, I’d Digg this.

  3. Heath:
    December 5th, 2009

    Great post, thanks!!

Leave a Reply:


Recent stories

Featured stories

RSS Windows news

RSS Mac news

RSS iPhone & Touch

RSS Mobile technology news

RSS Green tech

RSS Buying guides

RSS Gaming news

RSS Photography news

Copyright © 2010 Blorge.com