"As of now we start sharing with all our brothers and followers information from the Indian Militaty (sic) Intelligence servers, so far we have discovered within the Indian Spy Programme (sic) source codes of a dozen software companies which have signed agreements with Indian TANCS programme (sic) and CBI," Yama Tough had said in one comment.
It is still too early to see what impact the code disclosure will have on Symantec and its enterprise customers. Some say that exposure of older source code will likely pose less of a risk because of the fast pace at which security products evolve.
Rob Rachwald, director of security strategies at security vendor Imperva, said there isn't much the hackers can learn from the code that they don't know already.
"The workings of most of the antivirus' algorithms have been studied already by hackers in order to write the malware that defeats them," Rachwald wrote in a blog post Thursday. "A key benefit of having the source code could be in the hands of the competitors," he said.
This is the second time in less than a year that a major security vendor has found itself in the embarrassing position of owning up to a data breach. Last year. RSA disclosed that unknown attackers had accessed source code to its SecurID two-factor authentication technology. The breach prompted widespread concerns about the security of the company's authentication products within government and the private sector.
In Symantec's case, the compromise did not result from a breach of its own servers. Even so, the fallout from the code exposure could be significant for the company, especially if a large number of its enterprise customers are still using the two compromised products.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His email address is email@example.com.
Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.