We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Hacker breaks into Barracuda Networks database

The hacker, "Fdf," used an SQL injection technique to get access to names and e-mail addresses in the database

A hacker has broken into a Barracuda Networks database and obtained names and e-mail addresses of some of the security company's employees, channel partners and sales leads.

The hacker, who called himself Fdf, posted proof of his attack to the Web on Monday, showing e-mail addresses of company employees and names, e-mail addresses, company affiliations and phone numbers of sales leads registered by the company's channel partners.

The attack started Saturday night and was launched at a time when the Barracuda Web Application Firewall that was supposed to protect the site had been taken offline for maintenance, Barracuda said Monday. After a couple of hours of probing, the hacker found an SQL injection flaw -- a common Web programming error -- on a script used to display write-ups of customer case studies. That one mistake got him into a database that the company used for its marketing program and sales lead development.

Barracuda does not store financial information in that database, the company said.

Although it's embarrassing when security companies get hacked, it happens a lot.

Last month EMC's RSA group said that someone had broken into its networks and obtained information that could compromise its SecurID products. In February security consultancy HBGary Federal was broken into, with tens of thousands of the company's e-mail messages posted online.

Other than noting that he used an SQL injection technique, Fdf didn't say much about the attack in his Web posting, but he did give a shout out to some of his friends and "all Malaysian hackers." News of the incident was first reported Monday by The Register.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is [email protected]


IDG UK Sites

Samsung Galaxy S6 release date, features and specs rumours: When will the Galaxy S6 come out?

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...