Author

Topic: WHMCS Hacked, Client data leaked online (Read 2190 times)

legendary
Activity: 2506
Merit: 1010
May 29, 2012, 01:06:11 PM
#3
SQL Injection patch released.

Quote
The events of last week have obviously put a lot of focus on WHMCS in recent days from undesirable people

So nice to see that Bitcoin is not involved whatsoever with any of this ongoing mess  :-)

 - http://forum.whmcs.com/showthread.php?47828-Security-Patch
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
Maybe there is a hole in the AV that protects Matt's email server.  Shocked
donator
Activity: 112
Merit: 10
keybase.io/arblarg
It seems someone pulled a bitcoinicon on WHMCS recently.


Quote
It is rumoured and believed that Matt’s email account was hacked and hence the hackers gained access to the server details and the Twitter account at the same time. Nothing has been done so far to get the twitter account back, although WHMCS is back online after being hacked and defaced with a DDoS attack.

Quote
It is advised that all companies using WHMCS installations should either bring it offline or protect their /admin/ folder by configuring IPs (this MAY save your WHMCS installation IF it there is still a vulnerability in WHMCS as the hackers stated earlier)


Quote
WHMCS is a popular billing software used by most of the small to medium scale hosting companies. The intruder gained access to the servers using “social engineering attack”. There are approx half a million (500,000) user records with Credit Card info leaked online.

“Following an initial investigation I can report that what occurred today was the result of a social engineering attack. The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions, And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details. This means that there was no actual hacking of our server. They were ultimately given the access details.” Matt Pugh explained.

It is also worth mentioning that the WHMCS twitter account was also taken over by the hackers.

It is rumoured and believed that Matt’s email account was hacked and hence the hackers gained access to the server details and the Twitter account at the same time. Nothing has been done so far to get the twitter account back, although WHMCS is back online after being hacked and defaced with a DDoS attack.

Hackers told Softpedia that they can easily decrypt password and they gained access to the servers using “social engineering and injections”.

It is advised that all companies using WHMCS installations should either bring it offline or protect their /admin/ folder by configuring IPs (this MAY save your WHMCS installation IF it there is still a vulnerability in WHMCS as the hackers stated earlier)
Jump to: