Symantec Data Stolen by Hacker Is Fake, Company Says

A presentation is made in the Symantec booth during the RSA Conference on in San Francisco, on Wednesday, April 22, 2015.
A presentation is made in the Symantec booth during the RSA Conference on in San Francisco, on Wednesday, April 22, 2015.
Photo: Marcio Jose Sanchez / AP

Data including a purported list of clients was reportedly stolen from the leading antivirus maker Symantec in a breach the company has downplayed as having no ramifications.


The Guardian reported on the incident Thursday, saying the stolen data included passwords and Symantec account numbers. The list of ostensible clients included the Australian federal police, major banks, universities, and retailers, among others, that paper said.

According to Symantec, though, the data is largely phony. The company said the incident was contained to a test environment it used for demonstration purposes. According to the Guardian, Symantec described the data as “low-level and non-sensitive” and the email accounts involved as “dummy e-mails.”

A Symantec spokesperson told the paper that the client list itself was also fake and that the entities “are not necessarily Symantec customers.” The Guardian did confirm that some of them, including Australia’s Department of Social Services, are users of Symantec’s products. Another government agency listed among the stolen files, however, hasn’t existed in six years.

The use of such “dummy data” is not uncommon, and it affords companies the ability to relax security protocols while testing new products. Developers on a project may not all work in the same building or even on the same continent. Using fake customer information allows them to share access to their work more quickly without fear of leaking sensitive data.

Companies that use real customer data for testing often suffer for it. The anonymous workplace app Blind, for instance, temporarily exposed sensitive information last year after it transferred a portion of its customers’ data to a test environment. The data was not immediately encrypted or deleted, as was protocol. A data-breach hunter quickly discovered the data online and shared news of it with a reporter.


Last year, the weight-loss company Weight Watchers also left a test environment accessible online. The company claimed that no personally identifiable information had been exposed, though the security team that discovered it remained skeptical.

Symantec was among a list of three major antivirus companies that a hacking group claimed to have penetrated last month, as Gizmodo first reported. The hackers, known collectively as Fxmsp, were attempting to sell the stolen data on the black market for $300,000. “There is no indication that Symantec has been impacted by this incident,” the company said at the time.


AdvIntel, the cybersecurity firm that had been tracking Fxmsp’s activities, told Gizmodo on Thursday that there didn’t appear to be a connection between the two incidents. “It doesn’t seem that this is related to our guys,” they said.

The Guardian reported that the hacker who breached Symantec’s test environment had also taken credit for stealing information from Australia’s Medicare program, data that subsequently appeared for sale on a dark net market board.


Senior Reporter, Privacy & Security