Earlier on Tuesday it was revealed that authorities had made arrests of several LulzSec members. LulzSec was an offshoot of Anonymous, and its leader, Sabu, or Hector Xavier Monsegur, was outed as having been working with the FBI since last summer.
Anonymous said the following in a post on the defaced Panda site:
"Yeah yeah, we know, Sabu snitched on us. As usually happens FBI menaced him to take his sons away. We understand, but we were your family too. (Remember what you liked to say?) [probably referencing the way Sabu rallied his teammates on Twitter]. It’s sad and we can’t imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to police."
Anonymous didn't just deface Panda Labs' site as a demonstration to Sabu, though. The group is also angry over what it perceived as the Spanish firm's role in the arrest of 25 members of the group in Spain and South America in February. In addition to defacing the site, the group also posted what appeared to be a large number of passwords used by the company’s staff.
The site is still down at this time. Panda's site where it sells its security software appear to be unaffected at this time.
Panda Security researcher Luis Corrons perhaps prompted the Anonymous attack. Earlier on Tuesday he had trumpeted the news of the LulzSec arrests and predicted that with LulzSec's crippling, the remaining Anonymous group would only be capable of simple DoS attacks rather than breaking into sites and stealing data or defacing them, acts that LulzSec was good at.
“LOL HE ASKED FOR THE LULZ!!!! HERE IT IS THE LULZ. Pandasecurity.com, better known for its sh*tty ANTIVIRUS WE HAVE BACKDOORED, has [been] earning money working with law enforcement to lurk and snitch on anonymous activists…yep we know about you. How does it feel to be the spied one?”
A Panda statement said that despite the site outage, the hack was not significant and no customer data was lost.
"On March 6th the hacking group LulzSec, part of Anonymous, obtained access to a Panda Security webserver hosted outside of the Panda Security internal network. This server was used only for marketing campaigns and to host some of the company's blogs.
"Neither the main website www.pandasecurity.com norwww.cloudantivirus.com were affected in the attack. The attack did not breach Panda Security's internal network and neither source code, update servers nor customer data was accessed.
"The only information accessed was related to marketing campaigns such as landing pages and some obsolete credentials, including supposed credentials for employees that have not been working at Panda for over five years. We continue investigating the cause of the intrusion and will provide more details as soon as they become available."