The Guardian reported that its staffer, Paul Karp, had seen the list, which included a large number of Australian Federal departments. The attacker was the same one who had contacted the newspaper and claimed to have Medicare data for sale on the dark web.
Symantec has played down the incident, telling The Guardian that the system involved was "an isolated self-enclosed demo lab in Australia" not connected to its corporate network.
But don't security companies secure such labs even if they are, as the company put it, "used to demonstrate" security solutions and how they work together? Or are they left open to world+dog?
A screenshot of part of the Symantec homepage.
The company told The Guardian that the incident in question was not reported because it had concluded "no sensitive personal data was hosted in or extracted from this demo lab, nor were Symantec’s corporate network, email accounts, products or solutions compromised".
Whether the files within that system were dummy data or not, the only systems that are left open on the Internet are play servers where the person who sets them up wants them to be breached in order to collect data for a study. Another category of system, known as a honeypot, is often left with some ports purposely open so that it is attacked, once again for the purpose of study.
Rather than trying to whitewash the incident now, Symantec should have made proper disclosure at the time and said everything that it is now being forced to say.
It is a bad look for a company that claims to have "the strongest cyber defence platform powered by the world’s largest and most dynamic civilian threat intelligence network".