Symantec hit by hack attack on website

Ethical hacker uses SQL vulnerability to gain access to company database through EMEA site
Symantec hit by hack attack on website
By Vineetha Menon
Fri 20 Feb 2009 12:00 AM

The website of security specialists Symantec was hacked into recently by a Romanian ethical hacking group known as HackersBlog.

Taking advantage of a SQL injection vulnerability in a section of Symantec’s EMEA site, the hacker was able to gain unauthorised access to the company database.

“The irony of the situation is that it’s done on https , on a login page , a page that promotes security products like Norton AntiVirus 2009 and Norton Internet SECURITY,” the hacker, going by the name of unu, revealed.

Unu has decided not to release any further details in order to give the prominent security software provider time to patch the vulnerability.

Symantec has since issued a statement to confirm that no company or customer information was exposed, stating that: "It appears that the individual who reported it based the report on an error message. Symantec has addressed this issue and the web page is back up and running."

The attack is the latest in a series of successful hack-and-shame attempts by HackersBlog members on prominent security vendors, including Kaspersky, F-Secure and BitDefender.

Kaspersky went on record a few days ago to confirm that the data breach on its US website last week did not expose any customer information.

For all the latest tech news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.

Subscribe to our Newsletter

Subscribe to Arabian Business' newsletter to receive the latest breaking news and business stories in Dubai,the UAE and the GCC straight to your inbox.