Symantec Website Hack Exposes User Data | eWeek

Symantec Website Hack Exposes User Data

Verfasst von
Brian Prince
Brian Prince
Nov 25, 2009
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

A Website operated by security firm Symantec was hacked – giving an attacker a sneak peak at sensitive customer data.

The Romanian hacker known as Unu, who earlier this year uncovered a hole in a Website run by Kaspersky Lab, exploited a blind SQL injection problem to get his hands on clear-text passwords associated with customer records and other data.

Unu used sqlmap and Pangolin to demonstrate the vulnerability, and published screenshots to his blog. According to Symantec, the vulnerability was on its pcd.symantec.com site, which is used to facilitate customer support for Symantec’s Norton products in Japanand South Korea.

“At this time, we believe that this incident does not affect Symantec customers anywhere else in the world,” a Symantec spokesperson said Nov. 24. “This incident impacts customer support in Japanand South Koreabut does not affect the safety and usage of Symantec’s Norton-branded consumer products. Symantec is currently in the process of ensuring that the Website is appropriately secured and will bring it back online as soon as possible.”

According to Unu, his goal was not to cause harm, but to create a stir so the problem would be fixed.

“If you remember, in February, Kaspersky faced with a sql injection,” he blogged. “Then they had the courage to admit vulnerability…There was fair play, they quickly secured vulnerable parameter, and even if at first they were very angry at me, finally understood that I did not extract (data), I saved nothing…My goal was, what (it) is still, to warn. To call attention.”

Trend Micro Advanced Threats Researcher Rik Ferguson said the incident serves as a reminder to follow best practices when it comes to securing Web applications. Sensitive data should never be stored in clear text, he blogged, and bounds checking of input data can help avoid buffer overflows and SQL injection attacks.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.