Barracuda Networks Breach Exposes Partner Contact Information


A hacker exploited a hole in Barracuda Networks’ corporate Web site and made off with names and e-mail addresses of some of the company’s employees, channel partners and sales leads.

A Barracuda Networks spokesperson told CRN that the breach only affected a subset of partners involved in certain marketing and sales lead-generation programs.

According to the company, the attack took place April 9 -- a day after the Barracuda Web application firewall in front of the Web site was unintentionally placed in passive monitoring mode and taken offline.

“Starting Saturday (April 9) night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters,” blogged Michael Perone, executive vice president and chief marketing officer at Barracuda. “After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market. As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees.”

The attack initially used one IP address to do reconnaissance before it was joined by another IP address about three hours later, Perone continued.

“The good news is the information compromised was essentially just names and email addresses, and no financial information is even stored in those databases,” he wrote. “Further, we have confirmed that some of the affected databases contained one-way cryptographic hashes of salted passwords. However, all active passwords for applications in use remain secure.”

Some information taken in the attack was posted online Monday.