Web Database Breach At Security Firm
A hacker was able to exploit a hole in security software maker Barracuda Networks' corporate web database, and made off with names and email addresses of some of the company's employees, channel partners and sales leads. An automated script was used to "crawl" the company website in search of unvalidated parameters. After two hours of nonstop attempts, it discovered an SQL injection vulnerability in a simple PHP script that serves up customer reference case studies.
This customer case study database shared the SQL database used for marketing programs which contained the names and emails of partners and employees. The attack initially used one IP address to do reconnaissance before it was joined by another IP address about three hours later. The company said that no financial information is stored in the compromised databases, and that all active passwords for applications remain secure.