PSA: Cloudie Networks breached
They started it off with an e-mail to Cloudie customers:
Dear name
Hello and Merry Christmas.
We are the WHMCSec security team. Recently we broke into Cloudie and obtained complete data.
We tried to communicate with him in a friendly manner and offered him $200 to help him improve security and avoid data leakage.
But he replied to us that he doesn't care about the security of user data.
And lied to you, claiming that the data was not leaked.
Therefore we decided to release its complete database SQL DUMP within 24 hours. Please join our Telegram group to learn more:
[redacted]
Our goal is to clean up all hosting providers who are not responsible for customer data.
In addition, we will also release data on SmartHost, LetBox, etc. in the near future.
Someone was extorting them and leaked their database:
Database was confirmed to be legitimate.
They also released tickets showing their conversation with Cloudie about it:
Comments
@Cloudie what happened?
What was leaked from their database? Is it only WHMCS-related, or does the dump include their entire SQL database?
Only WHMCS. I'm willing to share it with people in DMs so they can check if they are affected.
I mean, I get that they just want some quick cash (of course, also clean up providers /s), but does it really make sense to release CUSTOMER DATA to just tell one hosting provider they suck?
Also, where's the Telegram group link?
Dude, they are extortionists. They want money; if they don't get it, they will do everything to make you look bad.
Not gonna give them satisfaction, they were already sperging about LET in there.
Yeah. Must be the most ethical security team ever :^)
It's always nice to have some moral high ground, even if you just want to wreak havoc and make some money while doing so, isn't it?
It happened when he installed a malicious plugin arbitrarily sent from the whmcsservices mail engine. So the attacker first targeted whmcsservices, then got access to multiple hosts, then installed that said plugin. And I can confirm Cloudie said the same in the whmcsservices thread earlier.
https://t.me/whmcssecurity
@Calin might be interested in the database
This is getting good
Other than the ones mentioned in the email, which other providers are affected?
More like QuadraNet
https://lowendtalk.com/discussion/191174/whmcsservices-whmcs-module-provider-hacked
That's what I said, the dates align perfectly: the so-called hackers got the DB right after the WHMCSservices mail service was compromised. And what did they send? A malicious plugin update.
I am curious who is feeding the data. Any insights?
Someone on LET had posted, in a topic related to WHMCS Global Services, the config.php file from Cloudie that included the database credentials and the WHMCS license, which I had checked and found to be legitimate.
Why did the moderators choose not to find out? Let them tell us now that they deleted the message (deleted, not edited).
@SmartHost any info?
Change your passwords.
If the post included database credentials, that ought to be removed. Why would anyone, let alone the moderators, want something like that to be shared publicly?
That was not the point. The point was that the moderators did not investigate it and didn't let anyone know about it.
We would've known that the breach occurred earlier.
It would be enough to remove that code block, stating that sharing leaks is not allowed; it is one thing to remove sensitive data and another to remove any sign of the leak.
I think you should not share it with anyone. I can just assume the data was leaked and take some preemptive action before any unwanted action occurs.
Also still looking for some clarification from @Cloudie about this case.
The thread where it was supposedly posted is still here? The link by @malignify posted by @Advin above.
It's not like it will make a huge difference. Malicious people will know where to get it anyway.
It's already public, and it's just 600 people; limiting the scope to LET users works because that's their primary market, and I don't see who else would want to look at it. I believe anyone should be allowed to check if they are affected; I apply reasonable security measures during distribution.
Set username to "Password". Set password to "Administrator".
Call it a day! They'll never catch ya!
That's great to know. Also, it sucks that there's "extorting" stuff going on as well. Did the leak come from the same people who did the audit of Cloudie's system?
If yes, that's unfortunate.
I wonder if they're gonna spend that money on bilohbucks.
All in all, it sounds not that good, but
200 USD.... That sounds fair. Many hackers I have seen demand thousands to not leak it.
I would probably just have paid that and demanded a fix and an explanation of how they got in, to prevent it in future and lower any damage.
Especially in Cloudie's case, when your company is already small. It's not like it will break your wallet.
Thing is, you have no guarantee they will not leak it; they may take your money and still do all the shit to you. I wouldn't trust them, especially when they seem like total retards trying to extort one-man operations.