in

Hacker 'Fdf' Takes Credit for Barracuda Networks SQL Injection Attack “Ž

A hacker broke into a Barracuda Networks database and obtained names and email addresses of some of the company’s employees, channel partners and sales leads.

The hacker, who called himself Fdf, yesterday posted online evidence of his hacks, showing email addresses of company employees and names, company affiliations and phone numbers of sales leads registered by the Barracuda’s channel partners, PCWorld reported.

Barracuda confirmed the breach yesterday and detailed the attack, which began Saturday night when an automated script began crawling the company website in search of unvalidated parameters.

After approximately two hours of “nonstop attempts,” the hacker was able to exploit an SQL injection flaw on a script used to show write-ups of customer case studies, granting him access to a database Barracuda used for its marketing program and sales lead development.

The web security company does not store financial information in that database, said Barracuda EVP and CMO Michael Perone.

“Further, we have confirmed that some of the affected databases contained one-way cryptographic hashes of salted passwords,” he added. However, all active passwords for applications in use remain secure.”

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Cybersecurity News

Napolitano, Attorney General to Attend European Cyber Crime Forum - top government contractors - best government contracting event

Napolitano, Attorney General to Attend European Cyber Crime Forum

Harris Introduces New iPhone App Device - top government contractors - best government contracting event

Harris Introduces New iPhone App Device