
WHMCS.com Hacked?


Seems they are still hosted with HostGator even though hiding behind CloudFlare. I'm sure Matt and the team are handling everything to the best of their abilities, but even though it won't stop them from having the content, sending HostGator's Abuse department a notice might be able to get the current links removed.


I have friends from Russia that would be willing to remove the waste of them. They are much more efficient than the FBI. Hehe. I hope they catch these fools.

With all kidding aside:

If they were hosted by HostGator, then HG knows the account holder. I know this to be a fact because I was just in a PCI meeting where HG had a training session regarding new accounts and HG said that ALL new accounts are verified by a salesperson.

Edited by rodeoXtreme

According to people over at webhostingtalk the credit card details are decryptable due to the hash being available in config files. Meaning that everyone's CC details are vulnerable.

I only found out about this due to purchasing through LicensePal who emailed all of their customers. I have had no emails from WHMCS directly and I think it is time that all WHMCS customers were emailed so that they can make arrangements to prevent their credit cards and passwords being abused.

Stuff like this happens from time to time but the way you deal with it is vital. The first step should have, in my opinion, been to email all of your customers to let them know of the security breach and to warn them to take measures to prevent them being victims of fraud.

I can only imagine how stressful this must be for Matt and the team and of course we support them. But I think you need to work with HG and that they should seriously review their security policies. This should not be allowed to happen.

Edited by YoungL

I would assume you are listed as well, I just checked and found myself listed too.

All information, including all your address/location, name, IP addresses, to server and license information such as licenses and location/directory and IP of the licenses.


So now they know what happened, the database has been released which includes all clients' credit card numbers, yet they STILL haven't emailed their customers to warn them! This is simply negligent and disgraceful behaviour. Do the right thing and email your customers!


I stand corrected. As JFOC stated, the emails are likely in a queue, as people are reporting that they are receiving emails from WHMCS about this. I hope that WHMCS get to the bottom of this. It must be a worrying time for them.


Well, they basically now have an IP of all WHMCS installs. Hope you all have been tightening the bolts, so to speak. I know I've been putting a few more locks on my internet door, so to speak.

Not that it'll keep them out if they got a hold of the source and found an exploit..


I've downloaded the databases and can't see where they contain any credit card details (although I'm not sure I was able to open db in entirety). Can anyone confirm they have seen credit card details on the db?


Well, if you read the news feed inside of your WHMCS install, you have links to the DB, their website files, and their CPanel files.

DB in rar (compressed) is 64MB, but the database itself is 806MB.

WHMCS web site in rar is 249MB.

"All WHMCS files including CPanel" in rar is 1.7GB.

So on that note, I think they got mostly everything.

Also opening this in Notepad or Write makes Windows cry. I found things by uploading it to a Linux box and grepping everything (last name, etc).


@desynced, since now that everyone knows their information is in the database, you should delete what you downloaded.

While I understand that people may have wanted to check to see if something was there, shame on anyone else that downloads it. You know what's there, so keep out of their stuff now. It's just as criminal as the people that are downloading it for malicious activity.


I don't understand, if the FBI is already involved, why they are allowing Twitter to release card holder data. Especially since there is an active crime. I see it like they are chasing a serial killer; would they wait and let the killer kill his next victim before making an arrest?

I have not downloaded the files nor do I want to. We have always used temporary passwords and a user account for 3rd party support when needed, and once they are finished, we immediately change the password. This is a PCI requirement.

Our firm is considering filing a criminal complaint regarding the card holder data, but when we spoke with our local FBI officer, they asked if an actual crime has been committed or we just lost the information - unbelievable.

I hope some resolution can be reached soon.


I reported https://twitter.com/#joshthegod to Twitter, I can't believe they allow a known hacker group to have a Twitter account. Others need to do the same, maybe we can get their account deleted, I know it don't mean much but we can't just sit and do nothing, ya know. Maybe Twitter will notify law enforcement if enough people complain and we can get them arrested, this is considered a form of piracy in my book!

I fully agree with your line of thinking, but IME Twitter support, especially on these kinds of issues, is virtually nonexistent. I'm not telling anyone not to report this user, just that don't be surprised if Twitter does nothing. I reported a similar user for the same thing, and I got back a BS reply that Twitter "doesn't restrict freedom of speech."

FYI, what happened today is the very reason why, last month when their support asked me for my cPanel login and FTP, I refused to let them have it. Not that I don't trust WHMCS, I do. But because of this very issue. I am so glad I never gave them my login.

Also why I never give out my main login details to 3rd party vendors/WHMCS addon developers, etc. If access is really needed I create a new admin account and give them that, and then delete the account after the work is done. Even that's not foolproof, but it's some measure of safety.


Just in case this may be of use to others reading this thread, don't forget that in addition to a client area password, you have a password here for the forums, and there may be others associated with WHMCS (blog.whmcs.com, docs.whmcs.com).

Change them all.

And because forums seem to be hacked so frequently, I always use an email alias/forward for all forums, that forwards to an email I read. That way if the forum gets hacked and your email address gets sold to spammers, all you have to do is delete that alias and create a different one. A few years ago I think it was WHT that got hacked (can't remember for sure, but I think it was them). This was YEARS ago, and I still get access attempts to "forum_replies@mydomain.com", which I find morbidly amusing.

Edited by Blueberry3.14
