We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Hacker breaks into Barracuda Networks database

The hacker, "Fdf," used an SQL injection technique to get access to names and e-mail addresses in the database

A hacker has broken into a Barracuda Networks database and obtained names and e-mail addresses of some of the security company's employees, channel partners and sales leads.

The hacker, who called himself Fdf, posted proof of his attack to the Web on Monday, showing e-mail addresses of company employees and names, e-mail addresses, company affiliations and phone numbers of sales leads registered by the company's channel partners.

The attack started Saturday night and was launched at a time when the Barracuda Web Application Firewall that was supposed to protect the site had been taken offline for maintenance, Barracuda said Monday. After a couple of hours of probing, the hacker found an SQL injection flaw -- a common Web programming error -- on a script used to display write-ups of customer case studies. That one mistake got him into a database that the company used for its marketing program and sales lead development.

Barracuda does not store financial information in that database, the company said.

Although it's embarrassing when security companies get hacked, it happens a lot.

Last month EMC's RSA group said that someone had broken into its networks and obtained information that could compromise its SecurID products. In February security consultancy HBGary Federal was broken into, with tens of thousands of the company's e-mail messages posted online.

Other than noting that he used an SQL injection technique, Fdf didn't say much about the attack in his Web posting, but he did give a shout out to some of his friends and "all Malaysian hackers." News of the incident was first reported Monday by The Register.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is [email protected]


IDG UK Sites

Windows 10 release date, price, features. The next version of Windows will run on everything:....

IDG UK Sites

Windows 9 and the death of the OS as a must-have product

IDG UK Sites

Video trends: 4K is here – HDR video, VR and 3D audio is coming

IDG UK Sites

How Windows 10 is even more like Mac OS X, and not just because it's another OS Ten