Hacker Breaks into Barracuda's Marketing, Sales Lead Database

PCWorld reports: A hacker has broken into a Barracuda Networks database and obtained names and e-mail addresses of some of the security company's employees, channel partners and sales leads.

 

The hacker, who called himself Fdf, posted proof of his attack to the Web on Monday, showing e-mail addresses of company employees and names, e-mail addresses, company affiliations and phone numbers of sales leads registered by the company's channel partners.

 

The attack started Saturday night and was launched at a time when the Barracuda Web Application Firewall that was supposed to protect the site had been taken offline for maintenance, Barracuda said Monday. After a couple of hours of probing, the hacker found an SQL injection flaw -- a common Web programming error -- on a script used to display write-ups of customer case studies. That one mistake got him into a database that the company used for its marketing program and sales lead development.

 

Read full article.