Symantec: 2006 hack leaked source code
The security giant publicly discloses a breach of its network - almost six years after it took place.
Symantec has backtracked on how source code relating to its products was leaked, revealing its own network was hacked in 2006.
The revelation came after hacktivist group Anonymous claimed it was going to release the full source code of Symantec's flagship Norton anti-virus software.
The security giant said it believed the data acquired by hackers came after a hack in 2006, although it could not confirm to IT Pro how the break-in took place.
Symantec customers - including those running Norton products - should not be in any increased danger of cyber attacks.
Earlier this month, Symantec confirmed some source code relating to older enterprise products had been stolen. At the time, it claimed Norton products were unaffected and its own network had not been breached.
Hackers calling themselves The Lords of Dharmaraja threatened to publish the information online, saying they acquired the information from the Indian military.
From the 2006 hack, affected products include old versions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack) and its remote access software solution pcAnywhere.
Symantec Endpoint Protection (SEP) 11.0 and Symantec AntiVirus 10.2 inherited a very small amount of exposed code, the company said. There are no indications customers data has been stolen, it added.
"Due to the age of the exposed source code, except as specifically noted below, Symantec customers - including those running Norton products - should not be in any increased danger of cyber attacks resulting from this incident," a spokesperson said.
"Customers of Symantec's pcAnywhere product may face a slightly increased security risk as a result of this exposure if they do not follow general best practices. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring."
Symantec said businesses do not need to take any additional steps to protect themselves as a result of the hack. The company recommended customers ensure their software is up to date.
For any IT departments still concerned about the source code leak, Symantec has set up an advice page here.
Symantec did not disclose the 2006 hack publicly at the time, meaning it has taken between five and six years for the breach for the security firm to reveal what happened, or that the company did not know source code had gone missing back then.
RSA was heavily criticised for not immediately publicly disclosing a breach last year, when information relating to its SecurID product was compromised.
Digital Risk Report 2020
A global view into the impact of digital transformation on risk and security managementDownload now
6 ways your business could suffer if you don’t backup Office 365
Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for goodDownload now
Get the best out of your workforce
7 steps to unleashing their true potential with robotic process automationDownload now
8 digital best practices for IT professionals
Don't leave anything to chance when going digitalDownload now