"The Romanian hacker who successfully broke into a web site owned by security vendor Kaspersky Lab has struck again, this time exposing shortcomings in a Symantec web server.
The hacker, known only as Unu, said in a blog post today that he was able to access a server belonging to the security giant using a blind SQL injection attack.
Once in, he accessed sensitive information including customer address data and catalogue keys on the Symantec Store database.
The hacker also expressed outrage that user passwords were displayed in plain text and had not been encrypted."
Unu's Blog: http://unu123456.baywords.com/2009/11/23/symantec-exposed-passwordsserials-sql-injection-full-database-access/