WHMCS Hacked

pioneernetworks

I just received the email.

Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.

To clarify, this was no hack of the WHMCS software itself, nor a hack of our server. It was through social engineering that the login details were obtained.

As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately. Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.

This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.

We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.

---

WHMCS Limited www.whmcs.com

subigo

It's fun seeing how many hosts/people on this forum have had takedown notices sent to them from WHMCS over the years for trying to use nulled versions. I won't name any names, but keep that in mind next time any of you think you're badass, because there's a lot of you.

FRCorey

I have not gotten any email yet, but I've seen one email that says CC details have been leaked and another that does not mention it.

subigo

@FRCorey said: I have not gotten any email yet, but I've seen one email that says CC details have been leaked and another that does not mention it.

I just got the email about five minutes ago.

Spencer

@subigo said: It's fun seeing how many hosts/people on this forum have had takedown notices sent to them from WHMCS over the years for trying to use nulled versions. I won't name any names, but keep that in mind next time any of you think you're badass, because there's a lot of you.

HAHAHAHA that is right. You can now see who has used nulled WHMCS in the past. In the database is there a table of nulled hosts?

subigo

@PytoHost said: HAHAHAHA that is right. You can now see who has used nulled WHMCS in the past. In the database is there a table of nulled hosts?

There are a few different places to find the information, but "mod_takedownnotices" is the easiest place to look.

Liam

They've really messed up. He's making $500k and using hostgator, wtf?

MrAndroid

@liam said: They've really messed up. He's making $500k and using hostgator, wtf?

I thought the same thing, why use HostGator?

rds100

@liam well, he has to host it somewhere after all.

Liam

@rds100 said: @liam well, he has to host it somewhere after all.

Obviously, but companies like liquidweb are more respected ;)

FRCorey

I'm sure they're making over 500k that was just an estimate based on if everyone was leasing this for 8 dollars a month.

subigo

@FRCorey said: I'm sure they're making over 500k that was just an estimate based on if everyone was leasing this for 8 dollars a month.

Right, I did the math and that was the low estimate. They're most likely making something in the range of $700k/month.

rds100

Anyway, screw WHMCS. I am watching SpaceX's launch attempt now - should happen after 4 minutes. Let's hope they get it right this time :)

Asim

So, did the database of WHMCS make it online?

CVPS_Kevin

@subigo said: Right, I did the math and that was the low estimate. They're most likely making something in the range of $700k/month.

A close friend/source of mine actually restored the db on localhost and shown me the following:

This Month: $240,640.43 USD This Year: $1,660,666.28 USD

And he told me that WHMCS made nearly $10,000 the day they got hacked.

MrAndroid

@Asim said: So, did the database of WHMCS make it online?

Pretty much WHMCS's entire cPanel account made it online.

MrAndroid

@rds100 said: @liam well, he has to host it somewhere after all.

Your a company with a revenue of over $1,000,000 and you use shared hosting?

rds100

@Daniel i think it was their own dedi, not a shared hosting account.

Liam

@FTN_Kevin said: This Month: $240,640.43 USD This Year: $1,660,666.28 USD

And he told me that WHMCS made nearly $10,000 the day they got hacked.

Still a lot!

MrAndroid

@rds100 said: @Daniel i think it was their own dedi, not a shared hosting account.

Ah right, but still use HostGator?

I just looked at the WHMCS News Feed, ouch. http://dl.dropbox.com/u/2734617/Screenshots/k0ys2_mzkhxk.png

rds100

I have no experience with HostGator, can't comment. At least they didn't use GoDaddy :)

MrAndroid

@liam said: Still a lot!

It is, considering its only been 5 months of the year.

CVPS_Kevin

He also did tell me there were 15-20 staff member accounts, so you have to remember Matt had quite a few employees he had to pay as well.

But from the info my source has given me WHMCS seems like a very profitable business, why they did not hire a dedicated abuse/security team is beyond me.

iwebhostu

WHMCS Not Fully hacked - Someone tried too.. But they restored it.. FAST.

---------------- WHMCS Send Mail to Us-------------------------- Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.

To clarify, this was no hack of the WHMCS software itself, nor a hack of our server. It was through social engineering that the login details were obtained.

As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately. Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.

This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.

We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.

---

WHMCS Limited

www.whmcs.com

But this is fascinating !!! God Bless America there is a site name HostGator - That's why we saved. No Credit Card details of ours not in Risk. :)

CVPS_Kevin

@iwebhostu said: But this is fascinating !!! God Bless America there is a site name HostGator - That's why we saved. No Credit Card details of ours not in Risk. :)

Wrong, client's WHMCS installs are not affected, but those who paid whmcs.com directly with there CC are indeed affected. There CC details are all over the internet now in a simple database download.

People on WHT have already claimed to decoded it and get the full CC details already.

IF you paid WHMCS.com directly with CC destroy it immediately and get it replaced!

MrAndroid

@iwebhostu said: But this is fascinating !!! God Bless America there is a site name HostGator - That's why we saved. No Credit Card details of ours not in Risk. :)

All this is HostGators fault.

CVPS_Kevin

@Daniel said: All this is HostGators fault.

I read somewhere on WHT that someone had access to Matt's email to get the authentication info for HostGator...

So isn't this Matt's fault to begin with for not having cphulk and having insecure webmail password?

MrAndroid

@FTN_Kevin said: I read somewhere on WHT that someone had access to Matt's email to get the authentication info for HostGator...

I heard somewhere that they pretended to be Matt, and then HostGator gave them the password, and Matt used it on other sites (including his gmail)

So I guess its partly HostGators fault and WHMCSs for using HostGator and using same password everywhere.

iwebhostu

@FTN_Kevin said: client's WHMCS installs are not affected, but those who paid whmcs.com directly with there CC are indeed affected. There CC details are all over the internet now in a simple database download.

People on WHT have already claimed to decoded it and get the full CC details already.

IF you paid WHMCS.com directly with CC destroy it immediately and get it replaced!

I said the same thing.. guess people who use Hostgator servers for WHMCS Billing are perfectly ok.. LOL! Thinking about HostGator... Is they pay WHMCS by CC?

CVPS_Kevin

@iwebhostu said: Thinking about HostGator... Is they pay WHMCS by CC?

For WHMCS paying HG, according to Subdigo's post here of the chat transcript they paid via CC, not sure about HG > WHMCS though: http://www.lowendtalk.com/discussion/comment/66372#Comment_66372