New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Blesta Hacked - Ransom Gang Threatens to Release Customer Details Tomorrow
raindog308
Administrator, Veteran
in General
https://lowendbox.com/blog/blesta-hacked-ransom-gang-threatens-to-leak-customer-details-tomorrow/
Possible it's just Blesta's email servers and not their entire environment.

Comments
First
was it the canadians again
Blesta released a statement, I highly recommend including that in your panic blog / post.
This is going to become commonplace. If cPanel had serious vulnerabilities, just imagine DirectAdmin and Blesta, it’s only a matter of time before they’re exploited. I wouldn’t be at all surprised if many of them had critical vulnerabilities that were never patched. With artificial intelligence on the rise and AI-driven attacks becoming more common, it’s only a matter of time, it won’t be long before chaos sets in.
Even if nothing has been “compromised” yet, things are moving in that direction.
Where? I’ve already had a look on their website and can’t see anything on the blog...
Dear Customer,
We are writing to inform you of a security incident affecting portions of our internal infrastructure.
On June 25, we created a temporary support account for a third-party virtualization software vendor in connection with an active support request. We have since determined that an unauthorized party gained access using those credentials before the account password was changed that evening. The incident is currently under active investigation.
The unauthorized individual used that access to send an email through our customer portal to a limited number of customers claiming that our systems had been compromised and threatening to publish customer data unless a ransom was paid. That email was unauthorized and was not an official communication from Blesta.
Upon discovering the unauthorized activity, we immediately disabled the affected account, secured impacted systems, revoked unauthorized access, preserved forensic evidence, and began a comprehensive forensic investigation into the scope of the incident.
Our investigation remains ongoing. We are reviewing system logs, server images, and other forensic evidence to determine what systems and information may have been accessed. Many people are asking if their Blesta installations are safe. At this time, we have found no evidence that the incident involved a vulnerability in the Blesta software itself.
We understand that this incident is concerning, and we sincerely apologize for the uncertainty it has caused. We are committed to keeping our customers informed throughout the investigation and will provide additional updates as verified information becomes available. If we determine that any customer-specific action is necessary, we will contact affected customers directly.
If you have any questions, please contact our support team.
Thank you,
The Blesta Team
GLWS
Which providers use Blesta?
IF I'm not wrong:
@MivoCloud
@ManishPant aka @kuroit
Knownhost.com - @ChrisMiller ?
Naah buddy we use WHMCS
Hostbrr, HostCram @Shakib , @systemfreaks they use Blesta
THATS EXACTLY WHAT THEYD SAY INNIT
Blesta Fiesta. Who uses those shit panels today just deserve to be pwned.
Define chaos. A bunch of stuff will get rooted causing a bunch of sad faces. For a while the rate increases and after that it falls off again. Exploitable bugs are a finite resource. Being able to locate more doesn't change that. Even factoring in that new ones would be added regularly (which might or might not be the case depending on the specific project) there isn't enough supply to keep any kind of scary pace.
I don't have any meaningful data with blesta.com to begin with.
My license was brought from a reseller and later moved to blesta.com directly. They just have my public contact information and the IPv4 address where our Client Portal is hosted.
I change cards every month.
We actually use both Blesta and WHMCS , and our own control panel, strange no email from blesta was received
>
I haven't worked for KH in just over 7 years. I've been at WebPros for the last few.
But I passed this on.
I'm sure the people who signed up using their real details are not very happy right now.
FOSSBilling is free and open-source!
Empower your hosting business with FOSSBilling, the free and open-source solution for efficient billing and client management.
https://github.com/FOSSBilling/FOSSBilling
I didn't received any email from Blesta as well so seems like it was very small ammount of accounts
just don't do AI vibe coding and you will be ok
Looks like a bad actor at webpro's took advantage of being in Blesta's internal system.
hmmm. safe.
Absence of evidence is not evidence of absence.
I think it is very fair to say we run most stuff on the basis of absence of evidence.
Notable exceptions are of course some core math (crypto) stuff where there is proper formal proof but that still requires implementation details needing scrutiny.
Sure, but in this circumstance, we're talking about an agent which benefits from downplaying the severity of what happened, so whatever they say should probably be taken in the most pessimistic light possible. After all, if they have no clue what happened and are still investigating, the statement that they have no evidence that their software was compromised is true.
Unless they found the actual attack vector (and they probably would have stated that if they had) or have done an extremely comprehensive audit of their code (which is highly unlikely), then their statement is of little value.
I lost lifetime license over a year, despite showing them proof of payment and initial email blesta staff claim it's others license and refused to communicate. Hope some insider active too long
Let's see does my email and details in list. Waiting 🫢
As someone who has a blesta account i did not get the spam mail, just their response mail. But I haven't bought/paid for anything from them since 4 years + ago
The thing is it's not Blesta itself.
What happened is Paul needed help with an issue with SolusVM, they wanted access, Paul made a SolusVM account for them to access and that account was used to blackmail Blesta. The question is was it a SolusVM (WebPro) employee or an exploit with SolusVM.
It's all confusing as until we find out how.
Can I just say WHMCS back in 2013 had a massive zero day exploit because they re-wrote the global PHP function, would you say anything about people using WHMCS? their code is still encoded so you can't see if they've improved their code since then. WHMCS, SolusVM, cPanel are all owned by WebPros.
Paul on discord said this:
"The one I sent went to more people, the unauthorized one went to about 600"
"They tried to send to all but it failed part way through"
I'm assuming they hit the MailGun limits.
Every software can, and will, have vulnerabilities - no argument about this simple axiom.
But when it becomes a yearly pattern - this is where the problem starts. Sure, you can try
and patch it on time, but the question about the quality is still there.