Panda Security says hack of PandaLabs did not breach company’s internal network
By Jaikumar Vijayan
Computerworld – Hackers claiming to belong to the Anonymous hacking collective early Wednesday defaced Panda Security’s PandaLabs website in apparent response to the arrests of five hackers Tuesday in the U.K. and the U.S.
In a characteristically defiant message posted on PandaLabs’ hacked homepage, Anonymous taunted the former LulzSec leader Sabu for helping the FBI nab the hackers, and vowed to carry on its hactivist campaign regardless of the setback.
“We are Antisec we’ll fight till the end,” the message noted. “To FBI and other s…. come at us bros we are waiting for you,” it noted. The message was preceded by a seven-minute video clip set to the tune of “Santa Claus is Coming to Town” that appeared to recap Anonymous’ activities over the past year.
The attackers also posted what seemed to be the login credentials of numerous Panda Labs employees on the defaced homepage. They noted that the attack on the security firm’s site was in retaliation for Panda’s alleged role in helping law enforcement crack down on members of the hacking collective.
“They helped to jail 25 anonymous in different countries and they were actively participating in our IRC channels trying to dox many others,” the attackers said in apparent reference to a series of arrests of Anonymous members last year. “Yep we know about you. How does it feels being the spied one?” the message asked.
In an emailed statement, a Panda Security spokeswoman said the hackers had obtained access to a Panda Security webserver that was hosted outside of Panda’s internal network. This server was used only for marketing campaigns and to host company blogs, it said. “Neither the main website www.pandasecurity.com nor www.cloudantivirus.com were affected in the attack,” the statement said.
“The attack did not breach Panda Security’s internal network and neither source code, update servers nor customer data was accessed. The only information accessed was related to marketing campaigns such as landing pages and some obsolete credentials, including supposed credentials for employees that have not been working at Panda for over five years,” the company said.
www.computerworld.com, 7 March 2012