Hacker 'Fdf' Takes Credit for Barracuda Networks SQL Injection Attack ‎

A hacker broke into a Barracuda Networks database and obtained names and email addresses of some of the company’s employees, channel partners and sales leads.

The hacker, who called himself Fdf, yesterday posted online evidence of his hacks, showing email addresses of company employees and names, company affiliations and phone numbers of sales leads registered by the Barracuda’s channel partners, PCWorld reported.

Barracuda confirmed the breach yesterday and detailed the attack, which began Saturday night when an automated script began crawling the company website in search of unvalidated parameters.

After approximately two hours of “nonstop attempts,” the hacker was able to exploit an SQL injection flaw on a script used to show write-ups of customer case studies, granting him access to a database Barracuda used for its marketing program and sales lead development.

The web security company does not store financial information in that database, said Barracuda EVP and CMO Michael Perone.

“Further, we have confirmed that some of the affected databases contained one-way cryptographic hashes of salted passwords,” he added. However, all active passwords for applications in use remain secure.”

 

Filed in: Cyber Tags: , , , , ,

You might like:

Bill Stewart: Booz Allen Finds Cyber Attacks the Top Security Concern of Finance CIOs Bill Stewart: Booz Allen Finds Cyber Attacks the Top Security Concern of Finance CIOs
Ralph Langer: Stuxnet Virus a Two-Part Threat Ralph Langer: Stuxnet Virus a Two-Part Threat
Microsoft Pools Forensics, Legal Pros at Cybercrime Hub; David Finn, Richard Boscovich Comment Microsoft Pools Forensics, Legal Pros at Cybercrime Hub; David Finn, Richard Boscovich Comment
US Banks Take Part in Cyber Attack Preparedness Drill US Banks Take Part in Cyber Attack Preparedness Drill

One Response to "Hacker 'Fdf' Takes Credit for Barracuda Networks SQL Injection Attack ‎"

Leave a Reply

Submit Comment

© 2014 ExecutiveBiz. All rights reserved.

A Digest of ExecutiveBiz's Daily Coverage of GovCon

  • Executive Analysis
  • Technology & Innovation
  • Business

Sign up for the ExecutiveBiz Digest