SQL Attack Hits Barracuda Networks, Exposes Data

Barracuda Networks found themselves the victim of an SQL injection
attack over the weekend. The breach did not affect any financial
information but did compromise a database containing the names and
e-mails of some of the company’s partners, employees and leads.

Barracuda Networks found themselves the victim of an SQL injection
attack over the weekend. The breach did not affect any financial
information but did compromise a database containing the names and
e-mails of some of the company’s partners, employees and leads.

According to a post
by Barracuda’s EVP and CMO Michael Perone on their Internet Security
blog, the site had been put on “passive monitoring mode” for a
maintenance window that began Friday night. Barracuda’s Web Application
Firewall, which would’ve usually prevented the hack was still offline on
Saturday night, when the attack occurred.

The attacker launched a
series of script attacks until it found an SQL vulnerability in a PHP
script normally used to display customer case studies. A disclosure blog post on Tumblr identifies the hacker as Fdf and goes on to detail a list of databases, e-mail addresses and leads.

Barracuda Networks has been working to notify those whose e-mail addresses were released.

The breach comes in the wake of other, high profile break-ins to RSA and its SecurID products and HBGary Federal, which saw a slew of company e-mails leaked online.

https://threatpost.com/rsa-hack-yields-securid-secrets-031711/

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.