We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Hacker breaks into Barracuda Networks database

The hacker, "Fdf," used an SQL injection technique to get access to names and e-mail addresses in the database

A hacker has broken into a Barracuda Networks database and obtained names and e-mail addresses of some of the security company's employees, channel partners and sales leads.

The hacker, who called himself Fdf, posted proof of his attack to the Web on Monday, showing e-mail addresses of company employees and names, e-mail addresses, company affiliations and phone numbers of sales leads registered by the company's channel partners.

The attack started Saturday night and was launched at a time when the Barracuda Web Application Firewall that was supposed to protect the site had been taken offline for maintenance, Barracuda said Monday. After a couple of hours of probing, the hacker found an SQL injection flaw -- a common Web programming error -- on a script used to display write-ups of customer case studies. That one mistake got him into a database that the company used for its marketing program and sales lead development.

Barracuda does not store financial information in that database, the company said.

Although it's embarrassing when security companies get hacked, it happens a lot.

Last month EMC's RSA group said that someone had broken into its networks and obtained information that could compromise its SecurID products. In February security consultancy HBGary Federal was broken into, with tens of thousands of the company's e-mail messages posted online.

Other than noting that he used an SQL injection technique, Fdf didn't say much about the attack in his Web posting, but he did give a shout out to some of his friends and "all Malaysian hackers." News of the incident was first reported Monday by The Register.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is [email protected]


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

Artist creates a geometric rave in a chapel for The House of St Barnabus

IDG UK Sites

Mac mini (Late 2014) 1.4 GHz review: Mac mini is sort of upgradable, but is it any good as it is?