WHMCS got hacked! Users are in deep trouble as the site rip released online!

by Ruchira on May 22, 2012

last night I have received a call from my boss saying billing system isn’t functional. I have checked and it gave a license key not found error message. I thought it was something like I forgot to pay and license got expired. So I logged to whmcs web site and it gave me the typical “Couldn’t connect to database”  mysql database error. I thought okay they might be doing some changes and it will eventually come online. But the next time when I took a look at whmcs web site few minutes after, it was fully offline and it came to my mind that something isnt right. So I have checked Webhostingtalk and the big news was about WHMCS getting hacked about an hour ago.

At the moment WHMCS web site is offline but their blog is up! On there founder of the software “Matt” says that, the attack was not done by any kind of exploit and its solely based on social engineering

Following an initial investigation I can report that what occurred today was the result of a social engineering attack.

The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.

This means that there was no actual hacking of our server. They were ultimately given the access details.

This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself.

And the hacker  even took over the official @whmcs twitter account and still he is on the control of account.

whmcs.com whole site rip is now released to whole world online and even you can even grab a copy

The brutal part of the situation is that hacker has published whmcs.com whole site copy including database and cpanel backup. Now all of our User names, Addresses, ticket info, credit card details are in a deep trouble. Matt is gone further and released potential risks on the blog

What may be at risk

1. The database appears to have been accessed
2. WHMCS.com client area passwords are stored in a hash format (as with all WHMCS installations by default) and so are safe
3. Credit card information although encrypted in the database may be at risk
4. Any support ticket content may be at risk – so if you’ve recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, we recommend changing them now.

To sum the story up, the hacker got access to matt’s email account then impersonated Matt to hostgator which was the web host of whmcs.com and  got access to server. And whmcs is big money maker, sure its a million dollar company. But they just used a managed hosting account from hostgator to host their web site and billing system. They should have been put more money in to security  as this is the 2nd hack within last 6 months.

Precautions if you are using whmcs

  • Go ahead and change all the passwords and even ftp accounts of your server. You might have been given these info to whmcs support in the past and now these information is all over the INTERNET
  • Change your email account password
  • Call your bank and deactivate your credit card for few days until further resolution happens. Or ask bank about changing your security settings. If you live outside USA or UK you might tell the bank to limit your card just for your country for few days.
I'm Ruchira Sahan and all posts on this blog are completely my thoughts and writings. I love DIY and Technology. So feel free to contact me for anything about this blog and don't forget to add a comment if this blog helped you! Thanks
 WHMCS got hacked! Users are in deep trouble as the site rip released online!
Ruchira
View all posts by Ruchira

Last 5 posts by Ruchira

  • The Voice Of Hostgator.com

    Hostgator.com was hacked in 2010 which was covered up. Look on google. The techs even steal scripts from customers accounts. This was the fault of HostGator.com Lance Custen, Brent Oxley. Have fun bastards!!! getting what you deserved.

    EX EMPLOYEE: I KNOW YOUR SECRETS!!!

  • saif

    So which hosting solution is good to use please tell us about others

  • http://www.myindustry.ir Hamid

    So WHMCS got hacked and we the users got … ! Then is there any solution?

Previous post:

Next post: