ID: IRCNE2012081585
Date: 2012-08-15
According to “TechWorld”, Symantec has plugged a hole in its Norton Online Backup service that inadvertently allowed some users to view and access data of other Norton Online backup customers.
"On July 30, as part of our ongoing server maintenance, Symantec made a change in the way that they cached certain HTML files and other static assets that, through a temporary misconfiguration, may have resulted in certain users incorrectly receiving other users' session cookies," said Symantec in a statement today. "These cookies impact the data that is displayed when a user logs into their Norton Online Backup account."
The issue was brought to the attention of Symantec by at least one Norton Online Backup user, Bill Howland, who also contacted Network World on Aug. 7 about what he thought to be a strange phenomenon that suggested a data breach because he was getting access to other people's files. He wrote via email that he had just purchased the Norton Online Backup product and it didn't seem to be working right.
Later he wrote about how things seemed. "When I have been connected to other person's data, my icon and computer name show on the screen for a microsecond, and then they are replaced with the other person's icon(s) and computer name(s). This must be a glitch in their link between their logon and authentication module and the link to the actual storage files which belong to each particular user."
Symantec acknowledges it began investigating these questions on Aug. 7 and "fixed the issue within 24 hours by rolling the server software back to an earlier state," though the security vendor isn't saying how many Norton Online Backup customers were impacted. "As of August 8, no further instances of this error have occurred."
- 2