Hacker hits Symantec and accesses passwords

Security firm Symantec was attacked by a hacker back in February, but the company did not reveal details of the incident.

The attack has been brought to light by Guardian Australia which has seen some of the data extracted by hackers. This comprises not only passwords, but what is thought to be a list of Symantec clients -- including government agencies. But Symantec is downplaying the data breach, dismissing it as a "minor incident".

See also:

• Rowhammer-based RAMBleed exploit lets hackers steal data from memory
• Flipboard hacked -- attackers had access to database of user information for 9 months
• Google recalls Bluetooth version of Titan Security Key after discovering hacking vulnerability

Symantec says that it did not go public about the incident because it came to the conclusion that the hacker only attacked a data lab that was not connected to its corporate network. The company says that "no sensitive personal data was hosted in or extracted from this demo lab, nor were Symantec’s corporate network, email accounts, products or solutions compromised".

Guardian Australia reports that the attack was carried out by the same hackers said to be responsible for medical data that was available for sale on the dark web.

In the February incident, the hacker was able to access what appeared to be a list of clients using Symantec's CloudSOC services, account managers and account numbers. The security firm says that the data was "not used for production purposes" and was made of "dummy e-mails and a small number of low-level and non-sensitive files for demonstration purposes".

Included in the list of clients are police, government agencies, banks and large companies, but Symantec says: "This is an old list of some of the largest public and private entities in Australia -- it was in the environment for testing purposes. These entities are not necessarily Symantec customers, nor do we necessarily host services for them".

In a statement the company also said:

Consistent with our internal policies and guidance, which align with national and international data protection laws, no sensitive personal data or information has been disclosed that would trigger any regulatory obligations, but Symantec will continue to take appropriate remediation efforts if the situation changes.

Image credit: Michael Vi / Shutterstock