WHMCS Hacked

Members of the hacker group UGNazi recently stole thousands of passwords and credit card details from billing and customer support provider WHMCS.

“Attackers obtained the data after masquerading as the platform’s lead developer, Matt Pugh,” writes SC Magazine’s Darren Pauli. “Attackers managed to con the company’s hosting provider to release administrator credentials. Pugh’s details were then used to access WHMCS’ database and steal hashed customer credit card numbers and passwords, usernames and support tickets. That data along with the WHMCS control panel and web site information was dumped online in a 1.7 gigabyte cache. Links to the cache and other, smaller files were tweeted under the WHMCS Twitter account, which the attackers also hijacked.”

“According to Pugh, the hackers deleted all files on the company’s servers after the heist, including 17 hours’ worth of new orders and help tickets,” writes InfoWorld’s Ted Samson.

“A total of 500,000 records, including customer credit card details, were leaked as a result of the hack,” writes The Register’s John Leyden. “Card information was salted and hashed, but reports allege that the decryption key was stored in clear text in the root directory of WHCMS’s compromised server and also leaked. The billing firm warned that ‘credit card information although encrypted in the database may be at risk.’ Password records, by contrast, ought to be safe but WHCMS still recommends a password refresh as a precaution.”

“WHMCS has since handed over the investigation to the U.S. FBI and maintains it will soon migrate to a new setup,” THN News reports.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles