Last night I received a call from my boss saying the billing system wasn’t functional. I checked and it gave a “license key not found” error message. I thought it was something like I forgot to pay and the license had expired. So I logged on to the WHMCS web site and it gave me the typical “Couldn’t connect to database” MySQL database error. I thought, okay, they might be making some changes and it will eventually come back online. But when I took another look at the WHMCS web site a few minutes later, it was fully offline, and it came to my mind that something wasn’t right. So I checked Webhostingtalk, and the big news was about WHMCS getting hacked about an hour ago.
At the moment the WHMCS web site is offline but their blog is up! There, the founder of the software, “Matt”, says that the attack was not done by any kind of exploit and was solely based on social engineering:
Following an initial investigation I can report that what occurred today was the result of a social engineering attack.
The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.
This means that there was no actual hacking of our server. They were ultimately given the access details.
This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself.
The hacker even took over the official @whmcs Twitter account and is still in control of it.
A rip of the whole whmcs.com site has now been released online, and you can even grab a copy
The brutal part of the situation is that the hacker has published a copy of the whole whmcs.com site, including the database and cPanel backup. Now all of our user names, addresses, ticket info and credit card details are in deep trouble. Matt has gone further and published the potential risks on the blog:
What may be at risk
1. The database appears to have been accessed
2. WHMCS.com client area passwords are stored in a hash format (as with all WHMCS installations by default) and so are safe
3. Credit card information although encrypted in the database may be at risk
4. Any support ticket content may be at risk – so if you’ve recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, we recommend changing them now.
To sum the story up, the hacker got access to Matt’s email account, then impersonated Matt to HostGator, which was the web host of whmcs.com, and got access to the server. WHMCS is a big money maker, surely a million-dollar company, but they just used a managed hosting account from HostGator to host their web site and billing system. They should have put more money into security, as this is the 2nd hack within the last 6 months.
Precautions if you are using whmcs
- Go ahead and change all the passwords, including the FTP accounts, of your server. You might have given this info to WHMCS support in the past, and now this information is all over the Internet.
- Change your email account password
- Call your bank and deactivate your credit card for a few days until further resolution happens, or ask the bank about changing your security settings. If you live outside the USA or UK, you might tell the bank to limit your card to your own country for a few days.