Symantec, one of the world’s leading companies on Internet security, makes a livelihood on protecting users from viruses and other malicious attacks, but has failed to protect its own website. One of Symantec’s Japanese websites was hacked by Romanian hacker Unu, through a simple blind SQL injection. Unu accessed the databases of the site and could browse the server containing passwords and license keys.
Simple software tools as Pangolin and sqlmap was the only thing he needed to access the databases, but the hacking attempt was just to show the lackluster security of the website, not to steal. He found both passwords and keys stored in raw format, without any kind of encryption.
Unu has done similar attacks against Kaspersky and other sites to expose lacking security. Symantec has confirmed the breach in security and pcd.symantec.com has been removed from the Internet while it investigates the problem.
Symantec has more than 17,000 employees and is perhaps best known for its Norton security suite.
