Symantec Data Stolen by Hacker Is Fake, Company Says

[steven36]

Data including a purported list of clients was reportedly stolen from the leading antivirus maker Symantec in a breach the company has downplayed as having no ramifications.

 

 

The Guardian reported on the incident Thursday, saying the stolen data included passwords and Symantec account numbers. The list of ostensible clients included the Australian federal police, major banks, universities, and retailers, among others, that paper said.

 

According to Symantec, though, the data is largely phony. The company said the incident was contained to a test environment it used for demonstration purposes. According to the Guardian, Symantec described the data as “low-level and non-sensitive” and the email accounts involved as “dummy e-mails.”

 

A Symantec spokesperson told the paper that the client list itself was also fake and that the entities “are not necessarily Symantec customers.” The Guardian did confirm that some of them, including Australia’s Department of Social Services, are users of Symantec’s products. Another government agency listed among the stolen files, however, hasn’t existed in six years.

 

The use of such “dummy data” is not uncommon, and it affords companies the ability to relax security protocols while testing new products. Developers on a project may not all work in the same building or even on the same continent. Using fake customer information allows them to share access to their work more quickly without fear of leaking sensitive data.

 

Companies that use real customer data for testing often suffer for it. The anonymous workplace app Blind, for instance, temporarily exposed sensitive information last year after it transferred a portion of its customers’ data to a test environment. The data was not immediately encrypted or deleted, as was protocol. A data-breach hunter quickly discovered the data online and shared news of it with a reporter.

 

Last year, the weight-loss company Weight Watchers also left a test environment accessible online. The company claimed that no personally identifiable information had been exposed, though the security team that discovered it remained skeptical.

 

Symantec was among a list of three major antivirus companies that a hacking group claimed to have penetrated last month, as Gizmodo first reported. The hackers, known collectively as Fxmsp, were attempting to sell the stolen data on the black market for $300,000. “There is no indication that Symantec has been impacted by this incident,” the company said at the time.

 

AdvIntel, the cybersecurity firm that had been tracking Fxmsp’s activities, told Gizmodo on Thursday that there didn’t appear to be a connection between the two incidents. “It doesn’t seem that this is related to our guys,” they said.

 

Source

[The AchieVer]

Symantec refutes claims of exposing client data during its demonstration process

 

• Contrary to the media reports, the company has called the data breach a ‘minor incident’.
• The hackers had targeted Symantec accounts belonging to several large Australian firms as well as major Australian government departments.

Recent media reports claimed that security giant Symantec exposed confidential data and a purported list of prominent Australian clients during its demonstration process in February 2019. However, contrary to the media reports, the company has called it a ‘minor incident’.

 

Uncovering the incident

 

According to a Guardian Australia report, the hackers had targeted Symantec accounts belonging to several large Australian firms as well as major Australian government departments. The hackers behind the breach are the one who had stolen information from Australia’s Medicare program and later posted it for sale on the dark web.

 

What data was allegedly stolen?

 

The hackers had extracted a list of clients who availed Symantec’s CloudSOC CASB (cloud access security broker) services. The impacted clients included the Australian federal police, major banks, universities, and retailers, among others. The stolen data also included passwords and Symantec account numbers.

 

However, Symantec has refuted the claims, citing the stolen data as "fake".

 

How has the company responded?

 

Symantec has refuted the data breach and said that the data in the exposed system included dummy emails and a small number of non-sensitive files.

 

“This is an old list of some of the largest public and private entities in Australia – it was in the environment for testing purposes. These entities are not necessarily Symantec customers, nor do we necessarily host services for them,” Symantec told Guardian Australia.

 

The company has characterized the breach as a ‘minor incident’ since it involved a self-enclosed demo in Australia that was not connected to Symantec’s corporate network.

 

"No sensitive personal data was compromised nor were Symantec’s corporate network, email accounts, products or solutions. As the world’s largest cybersecurity company, it is not uncommon for Symantec to be targeted by hackers and other cybercriminals,” Symantec told CRN.

 

 

 

Source

[Karlston]

Similar topics merged.

 

(A Search for “symantec”, sorted by date, shows this similarly titled topic near the top)