Hackers accessed a server belonging to Spanish security vendor Panda Security and published email login credentials, in retaliation to yesterday’s FBI crackdown on hacking group LulzSec.
Anonymous-affiliated subgroup AntiSec appears to have targetted Panda because the company’s technical director Luis Corrons wrote a blog post entitled, "Where the Lulz now?" celebrating yesterday’s arrests of alleged LulzSec members. Hackers also claimed that Panda had helped law enforcement officals arrest Anonymous members in the past.
Corrons wrote that the arrests would likely mean an end to the advanced hacking as carried out by LulzSec. The Panda blog where he posted is still offline following the attack (Google cached version).
Information from the server was accessed yesterday and posted on anonymous text publication website Pastebin, along with a message lamenting the recent arrests of LulzSec members and denouncing the standards of Panda’s own security and products.
"Pandasecurity.com…helped to jail 25 [members of hacktivist collective] Anonymous in different countries and they were actively participating in our IRC channels trying to dox many others," the hackers wrote. "[It’s ironic that] they are trying to sell IT security services that only endanger people even more."
Panda’s Corrons confirmed that its systems were breached but said that the hackers only gained access to a server used for marketing campaigns and hosting blogs, which sits outside the "Panda Security internal network".
"Neither source code, update servers nor customer data was accessed," Corrons said. "The only information accessed was related to marketing campaigns such as landing pages and some obsolete credentials, including supposed credentials for employees that have not been working at Panda for over five years."
Panda has since confirmed that other employees whose login credentials were included in the leak do still work for the company, but it reiterated that the credentials are several years old.
Five people, including two based in the UK, were arrested yesterday in connection with the LulzSec hacking group, which claimed victims including Sony Pictures Entertainment in a string of attacks last year.