Just like the AIDS virus, the online outlaws of the wild worldwide web have now decided to attack the "immune system" of the Internet—namely, the websites of IT security firms and organizations dedicated to battling the hacker menace. More to the point, a site from security firm Symantec had just been attacked recently because it was susceptible to Blind SQL Injection problems that supposedly exposed a treasure trove of possibly sensitive data.

Unu, a Romanian gray-hat hacker, elected to use sqlmap and Pangolin (off-the-shelf hacker tools) in order to gain access to the data warehouse behind the website for Symantec's Asian branch. A glance at the security e-store unveiled by the invasion seemed to show plaintext passwords linked with the consumer records of the company. Japanese product keys contained within that particular Symantec server were also revealed by the out-of-the-blue hacker breach.

Unu had done this sort of action before, exposing similar weaknesses involving the websites of Kaspersky and the United Kingdom's parliament, among many other organizations with a strong influence on the IT security industry. The ambivalent hacker had even posted screenshots of his website assault to prove his claims that, if confirmed, run much deeper than the exposed inadequacies on the homepages of F-secure, Kaspersky, and many other security companies reported by Unu beforehand.

Symantec announced that it was presently investigating the supposed hack, which Unu purports to have given him full database and disk access. The cyber security titan deemed that the bug only affected a site utilized by consumers in a couple of East Asian nations, although it did confess that the problem is very real without saying just how grave or widespread it truly is; after all, the results of the investigation has not yet been completed.

The invaded site—pcd.symantec.com—has been taken down until the investigation is through and until better defensive measures have been integrated into its security policies. All the same, the aforementioned SQL Injection bug that Unu demonstrated has been confirmed to affect the offending webpage. The site had been assigned the responsibility to manage Symantec's Norton products and services in South Korea and Japan, so the susceptibility shouldn't affect Symantec's clients in other countries and regions.