Anonymous gives Panda two black eyes

Hacker outfit Anonymous has defaced about 24 websites owned by Panda Security in revenge for the security outfits involvement in the arrests of LulzSec members.The hackers could not take down Panda’s main site  but various subdomains were toast.

Each one included a YouTube video of Anonymous and LulzSec exploits, and “what appeared to be the username and password details of over 100 Panda employees.

Rival insecurity outfit Sophos reported the attack which appears to be a response to a Panda Security blog post about the LulzSec arrests titled “Where is the lulz now?”

The Panda employee who wrote the “Where is the lulz now?” blog post, Luis Corrons, has been tweeting about the incident, saying “we have our team taking a look into the defacement right now. And investigations to catch criminals are always fun.”

But Corrons denied Panda helped law enforcement jail LulzSec members. But he added that he would have loved to be involved in it.

The post was taken down after Panda realised that it probably was not a good idea to crow about the arrests.

Messages posted by Anonymous on the hacked Panda pages also accuse the company of working with law enforcement to jail Anonymous members.

Despite taking down the post, Panda said the attack was not a severe one, noting in a statement on Facebook that “The attack did not breach Panda Security’s internal network and neither source code, update servers nor customer data was accessed. The only information accessed was related to marketing campaigns such as landing pages and some obsolete credentials, including supposed credentials for employees that have not been working at Panda for over five years.” Hackers obtained access to a server “hosted outside the Panda Security internal network,” which was used for marketing campaigns and company blogs.