Skip to main content

VMware Source Code Compromised

VMware has admitted that a hacker has stolen some of the source code for its virtualisation software, and begun posting it online.

Earlier this week, VMware's security team was made aware of a single file posted from the VMware ESX source code - and the threat that more files might be posted in the future.

The firm immediately moved to calm security concerns. Iain Mulholland, Director of the VMware Security Response Centre, stated: "The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today."

"We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Centre, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."

The perpetrator of the data theft is reportedly a hacker known as "Hardcore Charlie" who is associated with LulzSec, and claims to have 300Mb of VMware source code, according to Kaspersky Lab.

Some have speculated that the source code may have originated from the China National Electronics Import-Export Corporation (CEIEC), following the theft of 1TB of data from the Chinese organisation last month.

Source: The Guardian