“Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old,” said Cris Paden, the company’s senior manager for corporate communications.
The confirmation comes in light of recent claims made by a group of hackers that they’ve copied Norton AntiVirus source code from compromised servers belonging to Indian intelligence agencies.
Paden confirmed that the security breach didn’t occur on Symantec’s own network, but that of a third party entity. However, he declined to speculate about its identity until the ongoing investigation reveals more information.
“However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized,” Paden said.
Symantec doesn’t think the functionality or security of its products was affected by the leak. However, third-party security experts believe that it might be possible for hackers and competitors to take advantage of the incident.
“A key benefit of having the source code could be in the hands of the competitors,” Rob Rachwald, director of security strategy at security firm Imperva, said in a blog post on Thursday.
“If the source code is recent and hackers find serious vulnerabilities, it could be possible to exploit the actual anti-virus program itself. But that is a big if and no one but Symantec knows what types of weaknesses hackers could find,” he added.