Barracuda Networks found themselves the victim of an SQL injection
attack over the weekend. The breach did not affect any financial
information but did compromise a database containing the names and
e-mails of some of the company’s partners, employees and leads.
According to a post
by Barracuda’s EVP and CMO Michael Perone on their Internet Security
blog, the site had been put on “passive monitoring mode” for a
maintenance window that began Friday night. Barracuda’s Web Application
Firewall, which would’ve usually prevented the hack was still offline on
Saturday night, when the attack occurred.
The attacker launched a
series of script attacks until it found an SQL vulnerability in a PHP
script normally used to display customer case studies. A disclosure blog post on Tumblr identifies the hacker as Fdf and goes on to detail a list of databases, e-mail addresses and leads.
Barracuda Networks has been working to notify those whose e-mail addresses were released.