A Symantec-run website was vulnerable to Blind SQL Injection problems that
reportedly exposes a wealth of potentially sensitive information.
Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a
glimpse at the database behind Symantec’s Japanese website. A peek at the
Symantec store revealed by the hack appears to show clear-text passwords
associated with customer records. Product keys held on a Symantec server in
Japan were also exposed by the hack.