VMware didn't respond immediately to a request for more information about the impact of the breach on customers.

Eric Chiu, president of virtualization security firm Hytrust, says it's hard to say what VMware customers should do because there's not enough detail about how the exposed code is being used in current products.

In general, though, customers should review the security for virtual environments to address the fact that a compromised hypervisor exposes multiple virtual machines.

While the incident is reminiscent of the breach last year of RSA source code, the circumstances differ. An RSA partner was breached and that breach was used to send a malware-laced email to an RSA staffer who opened it.

In VMware's case, the CEIEC network was hacked and finding the source code was fortuitous.