New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Yeah, anyone with CC details on file are in trouble.
Not necessarily populated fully. Not all columns are used by all companies.
Welp, there goes my email address... Can't wait for "Have I Been Pwned" email notification, and a bunch of spam mails after that. Merry Christmas to me!
Got it too. @jsg - what is your opinion from a security perspective? Did you get it too?
yes , same
So many accounts. So many email addresses exposed. This is a huge mess, just when I thought 2021 was going to end.
PwnedSolutions.
"3000"
No, AFAIK I didn't get that email.
As for "security perspective": You are very lucky if you get some sakkurity with WHMCS and the other PHP and javascript crap and that's not HS specific.
Potential plot twist: Hacked? Indeed? Have any evidence? People under immense pressure are known to do strange things, things one should never do, things like "losing a customer DB or parts of it" and, pure coincidence of course, finding some money in their pockets a bit later.
The only confirmation we have is someone saying the password hash matches their pass, right? Or did I misread?
The password hash is based on a salt in the configuration.php file so how could one know?
Devil's advocate: There are many ways to fake things like this by knowing the names of the columns and using info from other DB leaks and/or just basic searching. It's a really good way to hurt a provider because people read the sensational stories, never the retraction.
Def a legit whmcs tblclients table leak. I bet the client notes column will be quite interesting. Mine says “a fuck chargeback”. Long time ago now but if I remember I placed an order which they did not provide. Didn’t answer my ticket so I opened a PayPal dispute. They quickly accepted the dispute but tried to let people know on the group I was a scammer and something along the lines that “I do it to their friends hosting companies to get free services”
I had vm with hostsolutions. but cancelled and refunded by paypal through pp dispute.
still not received this hack-mail.
hope my account info is been deleted by cociu?? I Had only my pp id, name and address there.
"about a month ago".
That explains why their site wasn't functional I guess. I'm not sure why people are surprised. L
Anyway, I hope you guys didn't really re-use passwords across sites, even if it's just hashed passwords, and I hope for the best with those who directly used their CC.
2021 is a meme.
My email is still on it's way or gmail blocked it.
Could you verify this if I post here both the hash they put in the email and my password? (Its a auto generated password only used for HS so I'm not risking myself there)
Maybe the hacker is cociu self, so that he can not hornor account credits
Not without the salt in configuration.php.
I hoped Marius might revive the brand, but as it stands, the value of company is now: 0 (zero).
If that's confirmed the case (salt indeed in config php) then how the fuck did OP confirm his password against the hash?
I take it you aren't a HS customer @jar, but I trust you enough that I'm willing to forward the email to you (or whatever you'd prefer) so you can do your forensic email stuff on it lol - hit me on on a PM if you're interested.
Confirm the password in the email is the one I use for hostsolutions.
Can anyone confirm? How are passwords of servers (root) stored in WHMCS? Are they in clear?
I was for a short time long ago. I don't recall what email I even used.
I don't think having all of it would give me any more insight right now. I'm familiar with people trying to fake database leaks and that's why I'm a bit reluctant to reach a conclusion thus far.
It is common practice with most secure apps and being a whmcs plugin developer myself. You encrypt the password with a key(salt) and the salt is stored away from and in a different medium to where the salted password is stored. If your password is in a database then your salt gets stored in a file somewhere else. In whmcs case, salted password in the database and salt in the configuration file. Done right.
Whmcs does have floors though such as a copy of every email sent is stored unencrypted in the tblemails database table, this includes welcome emails containing passwords.
Hashed based on salt in configuration.php. I once forgot to carry over the salt and screwed up passwords for everyone. Maybe not every password field uses the salt though, modules do all kinds of things.
It also shows the amount of "credit" that someone of us were unfortunately enough to have. That number is accurate on mine.
Hacked by cociu
That would indeed server as an acceptable confirmation.
It's definitely a real leak, they also list the last IP used and it matches my VPN IP.
I confirm my password on decryption.
I confirm my email address.
I confirm my IP.
This is a real leak!
Also an update from me since I had so many thoughts. I now know what email I used back then. I'm no longer skeptical.