By Vineetha Menon
Ethical hacker uses SQL vulnerability to gain access to company database through EMEA site
The website of security specialists Symantec was hacked into recently by a Romanian ethical hacking group known as HackersBlog.
Taking advantage of a SQL injection vulnerability in a section of Symantec’s EMEA site, the hacker was able to gain unauthorised access to the company database.
“The irony of the situation is that it’s done on https , on a login page , a page that promotes security products like Norton AntiVirus 2009 and Norton Internet SECURITY,” the hacker, going by the name of unu, revealed.
Unu has decided not to release any further details in order to give the prominent security software provider time to patch the vulnerability.
Symantec has since issued a statement to confirm that no company or customer information was exposed, stating that: "It appears that the individual who reported it based the report on an error message. Symantec has addressed this issue and the web page is back up and running."
The attack is the latest in a series of successful hack-and-shame attempts by HackersBlog members on prominent security vendors, including Kaspersky, F-Secure and BitDefender.
Kaspersky went on record a few days ago to confirm that the data breach on its US website last week did not expose any customer information.