Symantec denies recent hack claim
Says ethical hacker based report on error message and that there was no security vulnerability involved
Symantec has hit back on claims that its EMEA site was the recent target of a successful hack attack, stating that there was no security vulnerability involved.
As soon as the news broke, Symantec took down the site and conducted its own tests to determine that the “individual who reported it based the report on an error message”.
The company added that no company or customer information was exposed in the incident.
In response to the ethical hacker’s claims that he used a blind SQL injection to access the security vendor’s database, Symantec posted a note on the HackersBlog site to state that: “Upon thorough investigation, we have determined that the Blind SQL Injection is, in fact, not effective. The difference in response between valid and injected queries exists because of inconsistent exception handling routine for language options.”
In a generous move, Symantec thanked the hacker, identified only as unu, for notifying them about the issue.
HackersBlog, in response, stated that they “appreciate and support this type of response from a company, more so a vendor! This could help other organisation see and understand that the best way to approach things is by open communication and dialog.”