Jump to content
Sign in to follow this  
jasonmccurry

WHMCS.com Hacked?

Recommended Posts

The forum linked to images on the main whmcs site. You should hopefully find the forum is loading correctly again

Share this post


Link to post
Share on other sites

I guess it is best to cancel the card stored on your system.

 

If they've got the DB, I'll assume they have the encryption key too.

Share this post


Link to post
Share on other sites
The forum linked to images on the main whmcs site. You should hopefully find the forum is loading correctly again

 

Is my personal data safe?

 

What about all my login details?

Paypal? enom? our own WHMCS install?

Share this post


Link to post
Share on other sites

Probably not.

 

Your login details, if you've given them to WHMCS, should be changed immediatlely.

 

None of the information in your WHMCS without this is at risk.

Share this post


Link to post
Share on other sites

WHMCS really need to address this and let us know if any personal information has been jeopardised. Hopefully WHMCS will release an official statement about it soon.

Share this post


Link to post
Share on other sites
WHMCS really need to address this and let us know if any personal information has been jeopardised. Hopefully WHMCS will release an official statement about it soon.

 

Heh.. They will have to actually fix the issue first. IMO, dont worry about notifying people, sending out updates, whatever. Fix the problem before it gets worse, then let us know what happened.

 

Proper security audits after an attack take time.

Share this post


Link to post
Share on other sites

I would like to assure everyone we're doing everything we can to identify what has happened here, exactly what's been taken, and get things back online. We will provide further updates as soon as we have them.

 

Matt

Share this post


Link to post
Share on other sites

Hi Matt,

 

Can't find the best way to contact you other than this. If you need any assistance or anything at all please contact me and I'll see what I can do albeit a server, hosting etc.

 

James Greig

Non corporate email under the circumstances: - email: jaygreig86@gmail.com

Share this post


Link to post
Share on other sites

Please prioritize the license server. We can't login to the Administration area currently.

Share this post


Link to post
Share on other sites

Only the header is broken since that points to whmcs.com The box resolves to a other IP

Share this post


Link to post
Share on other sites

reason I ask is because my forum session timed out and when I logged back in it asked me to click on some weird characters. - looked a bit suspicious!!

Share this post


Link to post
Share on other sites

/https://twitter.com/#joshthegod

 

/https://twitter.com/#ugnazi

 

WHMCS your database has been stolen according to the people that hacked you ugh these guys are idiots.

Share this post


Link to post
Share on other sites

Matt don't be stupid here,

 

just tell us are our credit card details safe, are they encrypted, if yes, is that encryption breakable ?

 

the worrying part is they are going to leak your WHMCS database which includes a ****lin huge list of WHMCS clients, and we are gonna b fked up, sorry to be abusive here, but this situation is no less than epidemic breakout here.

 

Any words on banking details from you ?

Share this post


Link to post
Share on other sites

Why risk it. Cancel the card and get it re-issued.

 

Yes, names, email addresses the like may be leaked but for many that might be public "business" information anyway. The password may be reversible but this only teaches everyone to never use the same password/email combo for public sites.

 

Assume the worst and act as you would if everything was out there.

Share this post


Link to post
Share on other sites

Regardless of the database being leaked or not, change all passwords that WHMCS may have or may have had. That includes securing credit card details, possibly contacting your bank and alerting them of possible fraud or just cancel and re-issue anyway.

Be pro-active, not reactive.

Share this post


Link to post
Share on other sites

Hi Andrew,

 

Until we know for sure it would be irresponsible of us to say credit card details are safe. They are encrypted, but encryption is always reversable.

 

As per our announcement post, it is worth assuming that any details you've submitted to us via tickets are at potential risk, so if you've recently sent us login details for either WHMCS or Hosting/FTP and haven't yet changed them since that time, then it would be advisable to change those.

 

At this time there is still nothing to suggest that this compromise actually originated through the WHMCS software itself. This was not merely a WHMCS system access, and in our WHMCS, we do not have it hooked up to our server.

 

Matt

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated