Symantec plugs Norton Online Backup hole

The wrong kind of data sharing....

Symantec has plugged a hole in its Norton Online Backup service that inadvertently allowed some users to view and access the data of other Norton Online Backup customers.

"On July 30, as part of our ongoing server maintenance, Symantec made a change in the way that they cached certain HTML files and other static assets that, through a temporary misconfiguration, may have resulted in certain users incorrectly receiving other users' session cookies," said Symantec in a statement today. "These cookies impact the data that is displayed when a user logs into their Norton Online Backup account."

The issue was brought to the attention of Symantec by at least one Norton Online Backup user, Bill Howland, who also contacted Network World on Aug. 7 about what he thought to be a strange phenomenon that suggested a data breach because he was getting access to other people's files. He wrote via email that he had just purchased the Norton Online Backup product and it didn't seem to be working right.

"I purchased the product a day ago and have been working with Tech support since the product just isn't working," Howland told us in an email. "As a side effect, I keep logging into Norton backup and I am randomly able to access other users' data."

Howland, who provided a screenshot as evidence of files he said came from someone named Erico, wrote, "Here we go again -- logged in, but these are not my computers. I have 100 Gb of storage and currently nothing in storage. Hey, this is neat, I can restore Erico's files!!! This is a security breach in my opinion."

Later he wrote about how things seemed. "When I have been connected to other person's data, my icon and computer name show on the screen for a microsecond, and then they are replaced with the other person's icon(s) and computer name(s). This must be a glitch in their link between their logon and authentication module and the link to the actual storage files which belong to each particular user."

Howland said he decided to immediately stop using Norton Online Backup.

Howland added that a Norton Online Backup technician remotely assisting him in resolving the problems he was experiencing saw the display of the files from another user, but didn't comment on it at the time. Howland indicated he provided Symantec with evidence of the data breach. It turned out Howland had indeed identified a problem.

Symantec acknowledges it began investigating these questions on Aug. 7 and "fixed the issue within 24 hours by rolling the server software back to an earlier state," though the security vendor isn't saying how many Norton Online Backup customers were impacted. "As of August 8, no further instances of this error have occurred."
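The failure mode in Symantec's statement, cached responses handing one user's session cookie to another, can be audited for at the origin by flagging any response that sets a cookie without forbidding shared caches from storing it. The following is an added example, not code from Symantec or the original article; the sample responses, paths, cookie names and the "high"/"review" labels are constructed for illustration.

```python
# Added example: flag origin responses whose Set-Cookie header a shared cache
# (CDN, reverse proxy) is permitted to store and replay to other users.
# Sample data is constructed; paths, cookie names and labels are hypothetical.
SAFE_DIRECTIVES = {"private", "no-store"}  # both forbid storage by shared caches


def parse_cache_control(value):
    """Return {directive: argument-or-None} from a Cache-Control value."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cookie_leak_findings(path, headers):
    """headers: list of (name, value) pairs, because Set-Cookie may repeat."""
    cookies = [v for n, v in headers if n.lower() == "set-cookie"]
    if not cookies:
        return []
    cc = {}
    for n, v in headers:
        if n.lower() == "cache-control":
            cc.update(parse_cache_control(v))
    if SAFE_DIRECTIVES & cc.keys():
        return []
    # Nothing forbids shared storage. Explicit freshness makes reuse certain;
    # without it a cache may still store the response heuristically.
    explicit = any(d in cc for d in ("public", "max-age", "s-maxage")) or any(
        n.lower() == "expires" for n, _ in headers)
    severity = "high" if explicit else "review"
    return [(severity, path, c.split("=", 1)[0].strip()) for c in cookies]


SAMPLE_RESPONSES = [  # constructed
    ("/static/app.css", [("Cache-Control", "public, max-age=3600"),
                         ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly")]),
    ("/account", [("Cache-Control", "private, no-store"),
                  ("Set-Cookie", "SESSIONID=def456; Path=/; HttpOnly")]),
    ("/index.html", [("Set-Cookie", "SESSIONID=ghi789; Path=/")]),
    ("/logo.png", [("Cache-Control", "public, max-age=86400")]),
]

if __name__ == "__main__":
    for path, headers in SAMPLE_RESPONSES:
        for finding in cookie_leak_findings(path, headers):
            print(finding)
```
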
