It seems someone pulled a bitcoinicon on WHMCS recently.
It is rumoured and believed that Matt’s email account was hacked and hence the hackers gained access to the server details and the Twitter account at the same time. Nothing has been done so far to get the twitter account back, although WHMCS is back online after being hacked and defaced with a DDoS attack.
It is advised that all companies using WHMCS installations should either bring it offline or protect their /admin/ folder by configuring IPs (this MAY save your WHMCS installation IF it there is still a vulnerability in WHMCS as the hackers stated earlier)
WHMCS is a popular billing software used by most of the small to medium scale hosting companies. The intruder gained access to the servers using “social engineering attack”. There are approx half a million (500,000) user records with Credit Card info leaked online.
“Following an initial investigation I can report that what occurred today was the result of a social engineering attack. The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions, And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details. This means that there was no actual hacking of our server. They were ultimately given the access details.” Matt Pugh explained.
It is also worth mentioning that the WHMCS twitter account was also taken over by the hackers.
It is rumoured and believed that Matt’s email account was hacked and hence the hackers gained access to the server details and the Twitter account at the same time. Nothing has been done so far to get the twitter account back, although WHMCS is back online after being hacked and defaced with a DDoS attack.
Hackers told Softpedia that they can easily decrypt password and they gained access to the servers using “social engineering and injections”.
It is advised that all companies using WHMCS installations should either bring it offline or protect their /admin/ folder by configuring IPs (this MAY save your WHMCS installation IF it there is still a vulnerability in WHMCS as the hackers stated earlier)
