A hacker broke into a Barracuda Networks database and obtained names and email addresses of some of the company’s employees, channel partners and sales leads.
The hacker, who called himself Fdf, yesterday posted evidence of his hacks online, showing email addresses of company employees as well as names, company affiliations and phone numbers of sales leads registered by Barracuda’s channel partners, PCWorld reported.
Barracuda confirmed the breach yesterday and detailed the attack, which began Saturday night when an automated script started crawling the company website in search of unvalidated parameters.
After approximately two hours of “nonstop attempts,” the hacker was able to exploit an SQL injection flaw in a script used to show write-ups of customer case studies, granting him access to a database Barracuda used for its marketing program and sales lead development.
The web security company does not store financial information in that database, said Barracuda EVP and CMO Michael Perone.
“Further, we have confirmed that some of the affected databases contained one-way cryptographic hashes of salted passwords,” he added. “However, all active passwords for applications in use remain secure.”