Hacker exploits Barracuda Networks' web maintenance

A hacker has broken into several Barracuda Networks databases after the vendor accidentally took its firewall offline during scheduled IT maintenance.

The company's executive vice president Michael Perone said that databases containing new customer leads and channel partners' names and email addresses were accessed using a SQL injection.

"The good news is the information compromised was essentially just names and email addresses, and no financial information is even stored in those databases," Perone said.

"The bad news is that we made a mistake. The Barracuda Web Application Firewall in front of the Barracuda Networks Web site was unintentionally placed in passive monitoring mode and was offline through a maintenance window that started Friday night (April 8, 2011) after close of business Pacific time."

Perone said that the attack started with an automated script crawling the website. After two hours of on-stop attempts, "the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market", he said.

"As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees," Perone said.

"The attack utilised one IP address initially to do reconnaissance and was joined by another IP address about three hours later.

"We have logs of all the attack activity, and we believe we now fully understand the scope of the attack."

The alleged hacker posted proof of the exploit on social media sharing site Tumblr.