Feb 19, 2009

A hackers’ group has seemingly managed to embarrass another security vendor. After revealing that Kaspersky, BitDefender Portugal, and F-Secure all had vulnerabilities in their sites, the hacker has now reported a blind SQL injection in emea.symantec.com. It’s not clear from the report what kinds of information might have been accessible via the attack.

Symantec.com has not yet responded to the hacker’s attempts to inform them of the vulnerability, nor has it issued any statement.

Update: Symantec has responded to my inquiry with the following statement:

Symantec was notified of a reported security vulnerability on a webpage within Symantec’s website. Upon notification of the potential vulnerability, Symantec immediately took the site down, conducted comprehensive testing and determined that the issue is not a security vulnerability. It appears that the individual who reported it based the report on an error message. Symantec can confirm that no company or customer information was exposed.

