“Attackers obtained the data after masquerading as the platform’s lead developer, Matt Pugh,” writes SC Magazine’s Darren Pauli. “Attackers managed to con the company’s hosting provider to release administrator credentials. Pugh’s details were then used to access WHMCS’ database and steal hashed customer credit card numbers and passwords, usernames and support tickets. That data along with the WHMCS control panel and web site information was dumped online in a 1.7 gigabyte cache. Links to the cache and other, smaller files were tweeted under the WHMCS Twitter account, which the attackers also hijacked.”
“According to Pugh, the hackers deleted all files on the company’s servers after the heist, including 17 hours’ worth of new orders and help tickets,” writes InfoWorld’s Ted Samson.
“A total of 500,000 records, including customer credit card details, were leaked as a result of the hack,” writes The Register’s John Leyden. “Card information was salted and hashed, but reports allege that the decryption key was stored in clear text in the root directory of WHCMS’s compromised server and also leaked. The billing firm warned that ‘credit card information although encrypted in the database may be at risk.’ Password records, by contrast, ought to be safe but WHCMS still recommends a password refresh as a precaution.”
“WHMCS has since handed over the investigation to the U.S. FBI and maintains it will soon migrate to a new setup,” THN News reports.