UPDATED 23:39 EST / MAY 09 2019

Unconfirmed report claims top US antivirus companies have been hacked

Stories of hacking and hacks have become so commonplace that they often barely rate a mention, but here’s a truly disturbing case if it’s true: Three major U.S. antivirus companies allegedly have been hacked.

The alleged hack was first detailed Thursday by self-described security firm Advanced Intelligence LLC. The names of the companies weren’t revealed, but the hacking group, “Fxmsp,” was described as a high-profile Russian- and English-speaking “hacking collective.”

Fxmsp is said to be offering data from the hack, including exclusive source code related to the companies’ software development, for $300,000. Yelisey Boguslavskiy, director of research at Advanced Intelligence, told Ars Technica that the firm had advised the allegedly hacked companies through partner organizations and had also provided the details to U.S. law enforcement agencies.

Why the companies weren’t named wasn’t explained. The sole source of information on the alleged hack, Advanced Intelligence, which claims to be based in New York City, literally appeared out of nowhere overnight. This is the first thing the organization wrote in its blog, and although a Whois check finds the domain was registered 12 months ago, the site first appears in Archive.org today, May 9.

There’s also no registered company by the name of Advanced Intelligence LLC, according to the U.S. Securities and Exchange Commission. Perhaps it’s a very early-stage startup, but the lack of visibility raises questions over whether this could be an elaborate prank.

Tim Erlin, vice president of product management and strategy at Tripwire Inc., told SiliconANGLE that security companies aren’t immune from breaches either and certainly have sensitive data to protect.

“Source code for any security product, antivirus included, is valuable to attackers working on ways to circumvent controls or avoid detection,” Erlin said. “If an attacker knows the internals of how security tools work, they can build exploits to avoid them more easily.”
