Hardcore Charlie had earlier this month announced he had broken into CEIEC's computers and extracted thousands of documents from the company's servers. The VMware source code that was posted on Pastebin this week appears to have been one of those documents.

"While details are sketchy, this attack once again shows that even the best prepared firms can have risks from consequential third-party access to data out of their control," Mark Bower, a vice president at Voltage Security, said in an emailed statement. "The real pain for the industry in this case is less about counterfeit VMware instances, but the intimate knowledge attackers may now possess of possible vulnerabilities in a critical virtualization tool."

Earlier this year, the security vendor Symantec also suffered a similar . In Symantec's case, the leaked code involved the Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 products, both of which were more than five years old at the time they were posted.

One of the purloined documents described an Application Programming Interface (API) for Symantec's antivirus product. Another listed the complete source code tree file for Norton Antivirus. An Indian hacking group calling itself Lords of Dharmaraja claimed that it had accessed and posted the source code.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at or subscribe to . His e-mail address is .