Hacker 'Fdf' Takes Credit for Barracuda Networks SQL Injection Attack ‎

A hacker broke into a Barracuda Networks database and obtained names and email addresses of some of the company’s employees, channel partners and sales leads.

The hacker, who called himself Fdf, yesterday posted online evidence of his hacks, showing email addresses of company employees and names, company affiliations and phone numbers of sales leads registered by the Barracuda’s channel partners, PCWorld reported.

Barracuda confirmed the breach yesterday and detailed the attack, which began Saturday night when an automated script began crawling the company website in search of unvalidated parameters.

After approximately two hours of “nonstop attempts,” the hacker was able to exploit an SQL injection flaw on a script used to show write-ups of customer case studies, granting him access to a database Barracuda used for its marketing program and sales lead development.

The web security company does not store financial information in that database, said Barracuda EVP and CMO Michael Perone.

“Further, we have confirmed that some of the affected databases contained one-way cryptographic hashes of salted passwords,” he added. However, all active passwords for applications in use remain secure.”

 

email
Filed in: Cyber Tags: , , , , ,

You might like:

Serco Introduces UK-Based Cyber Training Program; Richard Preece Comments Serco Introduces UK-Based Cyber Training Program; Richard Preece Comments
NSA Adds NYU School of Engineering to Exclusive Cyber Security List NSA Adds NYU School of Engineering to Exclusive Cyber Security List
HP Looks to Extend Data Protection with Cloud, Encryption Solutions HP Looks to Extend Data Protection with Cloud, Encryption Solutions
Bill Stewart: Booz Allen Finds Cyber Attacks the Top Security Concern of Finance CIOs Bill Stewart: Booz Allen Finds Cyber Attacks the Top Security Concern of Finance CIOs
© 1383 ExecutiveBiz. All rights reserved.