Hacker breaks into Barracuda Networks database using SQL Injection

Tools

A hacker broke into a database of Barracuda Networks over the weekend via an SQL injection, using the access gained to extract the names, email addresses and contact numbers of partners and Barracuda customers. The full details were then posted online, which includes the MD5 hashes of passwords belonging to partners and Barracuda staffers. For now, it is not known whether the MD5 hashes were salted--which would have made them much harder to crack.

In response, Barracuda EVP and CMO Michael Perone posted on the company blog Monday, information on what the company knows about the attack. Admitting to making a mistake, Perone says that the Barracuda Web Application Firewall used to protect the company's website was unintentionally placed in "passive monitoring mode" during a maintenance window. As such, an automated script was able to find an SQL injection vulnerability in a PHP script used to serve up customer case studies. Ongoing investigations are continuing, though company says that "We have logs of all the attack activity, and we believe we now fully understand the scope of the attack."

For more on this story:
- check out this article at The Register
- check out this article at Computerworld
- check out this blog at Barracuda Labs

Related Articles:
MySQL.com falls to SQL injection attack 
Websense posts update on LizaMoon SQL injection malware campaign
Cybercriminals peddling exploit kits as hosted service