Symantec has backtracked on how source code relating to its products was leaked, revealing its own network was hacked in 2006.
The revelation came after hacktivist group Anonymous claimed it was going to release the full source code of Symantec's flagship Norton anti-virus software.
The security giant said it believed the data acquired by hackers came after a hack in 2006, although it could not confirm to IT Pro how the break-in took place.
Symantec customers - including those running Norton products - should not be in any increased danger of cyber attacks.
Earlier this month, Symantec confirmed some source code relating to older enterprise products had been stolen. At the time, it claimed Norton products were unaffected and its own network had not been breached.
Hackers calling themselves The Lords of Dharmaraja threatened to publish the information online, saying they acquired the information from the Indian military.
From the 2006 hack, affected products include old versions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack) and its remote access software solution pcAnywhere.
Symantec Endpoint Protection (SEP) 11.0 and Symantec AntiVirus 10.2 inherited a very small amount of exposed code, the company said. There are no indications customers data has been stolen, it added.
"Due to the age of the exposed source code, except as specifically noted below, Symantec customers - including those running Norton products - should not be in any increased danger of cyber attacks resulting from this incident," a spokesperson said.
"Customers of Symantec's pcAnywhere product may face a slightly increased security risk as a result of this exposure if they do not follow general best practices. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring."
Symantec said businesses do not need to take any additional steps to protect themselves as a result of the hack. The company recommended customers ensure their software is up to date.
For any IT departments still concerned about the source code leak, Symantec has set up an advice page here.
Symantec did not disclose the 2006 hack publicly at the time, meaning it has taken between five and six years for the breach for the security firm to reveal what happened, or that the company did not know source code had gone missing back then.
RSA was heavily criticised for not immediately publicly disclosing a breach last year, when information relating to its SecurID product was compromised.
-
The big book of selling data protectionWhitepaper Agile risk management starts with a common language
-
Detection is not enough: Exposed assets require rapid mitigation to reduce and eliminate riskWhitepaper Agile risk management starts with a common language
-
Modern enterprise cybersecuritywhitepaper Cultivating resilience with reduced detection and response times
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainabilitywhitepaper CIOs are facing two conflicting strategic imperatives
-
Security operations use case guideWhitepaper Improve your cyber resilience and vulnerability management while speeding up response times
-
Creating a proactive, risk-aware defense to thrive in today’s dynamic risk environmentWhitepaper Agile risk management starts with a common language
-
Turn banking technology risks into business advantagesWhitepaper Five proven practices to make it happen
-
Take your business further with a dedicated internet connectionwhitepaper Achieve internet speed and reliability to match your business ambitions
