last night I have received a call from my boss saying billing system isn’t functional. I have checked and it gave a license key not found error message. I thought it was something like I forgot to pay and license got expired. So I logged to whmcs web site and it gave me the typical “Couldn’t connect to database” mysql database error. I thought okay they might be doing some changes and it will eventually come online. But the next time when I took a look at whmcs web site few minutes after, it was fully offline and it came to my mind that something isnt right. So I have checked Webhostingtalk and the big news was about WHMCS getting hacked about an hour ago.
At the moment WHMCS web site is offline but their blog is up! On there founder of the software “Matt” says that, the attack was not done by any kind of exploit and its solely based on social engineering
Following an initial investigation I can report that what occurred today was the result of a social engineering attack.
The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.
This means that there was no actual hacking of our server. They were ultimately given the access details.
This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself.
And the hacker even took over the official @whmcs twitter account and still he is on the control of account.