The incident highlights the need for companies to pay special attention to the dangers posed by embedded back doors, Kessler said. It also shows, he added, that when IT managers set up trusted VPN connections with third parties, "you are indirectly trusting the people they are trusting."

Locating back doors built into enterprise software can be difficult, said Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa. But Lindstrom said that IT and security managers can take measures to mitigate the risks posed by back doors, such as monitoring systems at the database and application levels, validating the nature and integrity of database queries, and tracking activity logs. "The fact that we know this happened obviously shows that people do get caught," even if they come in via hidden back doors," he said. "It may take a while but its possible to catch this sort of thing," he said.