gOOvER Posted May 22, 2012 WHMCS should send out IMMEDIATELY the list of credit cards that were in the database to the corresponding issuer and make sure those cards are to be cancelled ASAP. My programmers successfully retrieved all CC data from the leaked DB. These cards have to be cancelled ASAP. +10000 WHMCS is liable for the unauthorized debits to CC's. If you don't live in the EU, please inform yourself BEFORE posting something senseless. WHMCS is located in the UK, if you don't know it
Iceman Posted May 22, 2012 Hostgator didn't breach any security, they did what anyone would have done. ... and of course you know all this first hand because you were there and heard the conversation and/or what transpired. You may be right. You may also be incorrect. Did you even consider the latter?
dotter Posted May 22, 2012 +10000 WHMCS is liable for the unauthorized debits to CC's. If you don't live in the EU, please inform yourself BEFORE posting something senseless. WHMCS is located in the UK, if you don't know it I don't want WHMCS to fail. And I'm not entertained by what happened.
mikie Posted May 22, 2012 WHMCS was not PCI compliant which is where the disgust should be directed. Not at the angry customers and the handling of their data. Same reason why Sony is being sued for millions by tens of thousands. You should have seen what we had to do to pass PCI Compliancy. It was an absolute joke. Tedious and time consuming. WHMCS will not only be fined but they may lose their ability to accept credit cards altogether. Not that it would be such a horrible thing, but they will have to pay heavy fines with suspension. If their db was hosted at Hostgator then it's HG that is responsible to answer that PCI compliancy and how they passed in the first place.
twhiting9275 Posted May 22, 2012 I don't want WHMCS to fail. And I'm not entertained by what happened. I said the same thing 3 years ago. Then, after every other 'hack'. Now, I hate to say it, but this company deserves to burn for what they put their customers through, due to greed. That's all it was, just greed. You should have seen what we had to do to pass PCI Compliancy. It was an absolute joke. Tedious and time consuming. Good Lord, tell me about it. I've been through this with a number of clients, including a shopping cart (who doesn't store card info BTW, or allow their clients to do so). Nightmare city, that's all I have to say there. If their db was hosted at Hostgator then it's HG that is responsible to answer that PCI compliancy and how they passed in the first place. Incorrect. At the end of the day, it is WHMCS who is responsible for their compliance. Hostgator has no responsibility for WHMCS or their PCI status. They make no claims of PCI compliance, or guarantees of it. It is always on the customer to ensure they follow proper guidelines, mandates, and procedures.
Si Posted May 22, 2012 Oh, believe me, I've started the process, as well as reported this flagrant breach of security to their credit card processor (which happens to be mine as well). Let the fines come in, they're gonna need a few dump trucks to handle all the cash they'll be handing out this time. Seriously, this is a FANBOY talking. (as I've been labelled). 1) Who (if anyone) has experienced 1 single transaction debited fraudulently from their card? 2) You have had as much time as all of us to change passwords, block cards etc. 3) Some of you seem to have nothing but contempt for the hand that has fed you? My conclusion has to be that you have nothing much of a business to lose. Whether you like it or not, the mature approach to this is that WHMCS is a partner in YOUR business. For those that keep quoting the Sony episode, that's the difference here. The people caught up in that weren't in partnership with them, they were customers who had no vested interest in the company. As WHMCS customers you should have. If not.....WHY NOT? Yes, you might want to move somewhere else. Yes you might want to put in a claim - but can anyone actually state on this forum as a matter of public record that they have actually been the victim of a fraud? If you have and can: also include the time that it happened. Honestly, this has inconvenienced so many and for those that label me and others a FANBOY, WHMCS pay me nothing, I'm just in partnership with them and would rather see them survive this and learn from it. For people who are supposed to be business people, there are many (thankfully not all) here, who are negative minded, self-destructive and apparently incapable of seeing the big picture. I'm glad many of you are not in my business. Onwards and upwards guys.......seriously.
b0r3d Posted May 22, 2012 I said the same thing 3 years ago. Then, after every other 'hack'. Now, I hate to say it, but this company deserves to burn for what they put their customers through, due to greed. That's all it was, just greed. Good Lord, tell me about it. I've been through this with a number of clients, including a shopping cart (who doesn't store card info BTW, or allow their clients to do so). Nightmare city, that's all I have to say there. Incorrect. At the end of the day, it is WHMCS who is responsible for their compliance. Hostgator has no responsibility for WHMCS or their PCI status. They make no claims of PCI compliance, or guarantees of it. It is always on the customer to ensure they follow proper guidelines, mandates, and procedures. twhiting9275 - It seems many do not understand what it means to be PCI-Compliant. Strict guidelines and then the testing. Too many are in a state of mind where "It's WHMCS, they are our friend". Credit cards online aren't a joke. It's not a "Ah well, it was stolen, call the banks and get a new one". They'll eventually tell you to bugger off if you keep entrusting with a company who continues to get hacked. The fanboys seem to think some hate Matt. None of us at least most of us don't hate Matt, but I dislike how he has decided to choose money over security. I was jaw dropped when I heard this business earning this money was at Hostgator. All that said, WHMCS is obviously no matter how much testing not safe from everyone. Even the best can be hacked into. Problem here was how it happened. Like one user said to you twhiting9275, go elsewhere then. Hostgator could say the same, does that make it right? No. Earning the money it has, it should have been at the very least co-located with 1 dedicated admin 24/7. Bluehost, I believe it was, when they first started in the industry were in the process of getting hacked, their entire rack. Admin had to call in quickly and have the entire rack shut down (pull the plug) before all data was lost. It happens, yes, it's how you handle it the first time, not the 2nd time or the 3rd time.
gOOvER Posted May 22, 2012 2) You have had as much time as all of us to change passwords, block cards etc. Who pays me this time, which I have to spend, because of an incompetent admin of WHMCS?? Do you mean WHMCS does this?? As I said before. If you get no money for your time; your problem. My time is expensive AND I don't want to spend time for incompetence of a lazy admin. Easy calculation: If WHMCS doesn't get hacked I don't need to spend time for changing PWs, CC, etc. Edited May 22, 2012 by gOOvER
Si Posted May 22, 2012 Who pays me this time, which I have to spend, because of an incompetent admin of WHMCS?? Do you mean WHMCS does this?? As I said before. If you get no money for your time; your problem. My time is expensive AND I don't want to spend time for incompetence of a lazy admin. Build inconveniences into your cost base. It's basic stuff in a business plan. What happens when one of your own servers crashes? Honestly guys, this is nonsensical.
merlinpa1969 Posted May 22, 2012 Sorry, but in this Company Size, this should not happen. That's an ambitious statement, take a look here http://news.softpedia.com/newsTag/UGNazi I'm sure that Comcast, the Govt of Anguilla and MANY others are bigger than WHMCS. Not a WHMCS cheerleader by any stretch but just wanted to point out that your statement was a little off
b0r3d Posted May 22, 2012 Seriously, this is a FANBOY talking. (as I've been labelled). 1) Who (if anyone) has experienced 1 single transaction debited fraudulently from their card? THIS is your argument??????? You've got to be kidding me. The numbers are in the wild right now. Available. Period, point blank, done. Doesn't matter if it's happened "yet". And Si, you are NOT in partnership with WHMCS just because you use their software. You pay for the software, that's it. End of story. I pay my hydro/electricity off my credit card, if they lose it, I should what, take your approach because I'm in partnership because I utilize the electricity? It makes no sense. End of the day, we are not "partnered" with WHMCS, if so all of our businesses would be listed on their site. We are their customer. Exactly the same way each customer of Sony purchased a video game console and video games licensed to their use only. Each DVD or video game you buy is licensed to the purchaser. Different scenario, same game.
twhiting9275 Posted May 22, 2012 #1: It doesn't matter, it's only been 12 hours. #2: Blocking cards is not as simple as you make it out to be. People depend on those cards for business functions, and you can't simply just drop a card and swap it out for another. That process takes 10 days. #3: This has nothing to do with 'the hand that fed us'. This has everything to do with utter greed and incompetence. Onwards and upwards? Really? Sounds good. How, exactly has WHMCS moved upwards in the past 3 years since the first time this happened? Oh yeah, they haven't. How exactly have they proved they are protecting our data? Oh yeah, they haven't. How exactly have they proved they can provide secured servers? Oh yeah, they haven't. How exactly have they proved they follow industry standards? Oh yeah, they haven't. The reality is that WHMCS has abandoned their customers here, for greed. There's no other excuse, no other reason, it's pure and simple greed
Justine Posted May 22, 2012 Think I'm gonna avoid this thread like the plague and just keep an eye on official updates now. It's resorting to school kid style behaviour now. I'm surprised so many have the time to waste on this thread going over the same old ground and arguing the same points.
rodeoXtreme Posted May 22, 2012 Sorry, but in this Company Size, this should not happen. And when I think about, how they come into system. Sorry Guys. I don't trust WHMCS longer. I've been looking for alternatives for WHMCS, because with this hack, I have more work, to change everything. I HOPE, WHMCS GIVES a compensation for this useless Hack !!!!! If not, I say goodbye to WHMCS and I will also recommend all users which using WHMCS, to use an other Billing Solution. I'm not really willing, to pay an other Update Fee, for such an incompetent Team. As the Hacking Group said "You're be warned" I think, the WHMCS Team become BEFORE HACK a Warning, what to fix. I only know this in this way. AND THEY IGNORE IT!!!! I downloaded all; DB, WebSite, etc. And I'm appalled, what you can do with this. WHMCS TEAM, THINK ABOUT YOUR PASSWORDS AND MAKE SUCH shitty HostGator Account SAFER. OR use an own Server, not this **** HostGator Are you serious, you actually believe anything these CRIMINALS have said? Hostgator violated Requirement 8 of PCI-DSS not WHMCS. WHMCS servers were compromised as a result of Hostgator; in addition, Twitter facilitated the crime by not taking down the information or the account. A boy in New Jersey was just convicted for manslaughter (I believe) because he released a sex tape of his roommate and his roommate killed himself. At this point, everyone should mitigate their risk; stop looking for another reason for blame. UGnazi are the guilty party; that is the only thing that I believe about them. I hope that either the Russian Mafia finds them before law enforcement; since they will be made an example or law enforcement will get them and slap them on their little baby hands.
WebsiteIntegrations Posted May 22, 2012 Who pays me this time, which I have to spend, because of an incompetent admin of WHMCS?? Do you mean WHMCS does this?? As I said before. If you get no money for your time; your problem. My time is expensive AND I don't want to spend time for incompetence of a lazy admin. Easy calculation: If WHMCS doesn't get hacked I don't need to spend time for changing PWs, CC, etc. Well all the time you've wasted posting here for free you could have been doing something productive and changed your passwords and your credit card info ...
b0r3d Posted May 22, 2012 Think I'm gonna avoid this thread like the plague and just keep an eye on official updates now. It's resorting to school kid style behaviour now. I'm surprised so many have the time to waste on this thread going over the same old ground and arguing the same points. Though I agree with you and I've unfortunately joined in on it, you've also said this twice now.
gOOvER Posted May 22, 2012 Build inconveniences into your cost base. It's basic stuff in a business plan. What happens when one of your own servers crashes? Honestly guys, this is nonsensical. Then it crashes. This is planned. I get a new server in 20 mins, import backup. But it's not planned, that a company gets hacked, because of the possibility of saving money (And before discuss; read latest post in News from Matt; he wants to change infrastructure, but he doesn't do it). But this sentence I read after every hack. Spending this time after hack, is not my fault. Also WHY storing WHMCS all the credit cards??? Next Question Edited May 22, 2012 by gOOvER
Si Posted May 22, 2012 THIS is your argument??????? You've got to be kidding me. The numbers are in the wild right now. Available. Period, point blank, done. Doesn't matter if it's happened "yet". My credit card numbers in the world can sit on 1 million fraudsters' desks, but if I've stopped the card the numbers are worth diddly squat. Have you stopped your card? And Si, you are NOT in partnership with WHMCS just because you use their software. You pay for the software, that's it. End of story. I would disagree there. I'm in partnership with them because they were my chosen partner 5 years ago for my billing and support software. Since then they have supported me and my business in return for a monthly fee. For that, I've had support, troubleshooting, and API development/help. That's a partnership. I pay my hydro/electricity off my credit card, if they lose it, I should what, take your approach because I'm in partnership because I utilize the electricity? It makes no sense. So you resell electricity then for a living? Of course not. There is a vast difference. If you want to chase WHMCS for recompense, do it through the correct channels. Just stop the public whining and be constructive to the community here. End of the day, we are not "partnered" with WHMCS, if so all of our businesses would be listed on their site. We are their customer. Exactly the same way each customer of Sony purchased a video game console and video games licensed to their use only. Each DVD or video game you buy is licensed to the purchaser. Different scenario, same game. Hmmm....don't follow your logic at all. Sorry. Have you had money taken from your card?
twhiting9275 Posted May 22, 2012 Hostgator violated Requirement 8 of PCI-DSS not WHMCS. Wrong. Hostgator violated nothing. Yes, they're a cheap company, but they violated nothing. Someone passed the security tests and they were given the information needed. At this point, everyone should mitigate their risk; stop looking for another reason for blame. UGnazi are the guilty party; that is the only thing that I believe about them. UGnazi are guilty only of downloading information and making it available to the world. WHMCS is guilty of not following industry standards here.
Si Posted May 22, 2012 Well all the time you've wasted posting here for free you could have been doing something productive and changed your passwords and your credit card info ... Exactly. Well put.
gOOvER Posted May 22, 2012 Well all the time you've wasted posting here for free you could have been doing something productive and changed your passwords and your credit card info ... No, this is free time, this posting here. Please, I organise my time myself. See last post from me. WHMCS gets hacked. I have the work with it, because of incompetence of a server admin. That's two pairs of shoes
Si Posted May 22, 2012 Wrong. Hostgator violated nothing. Yes, they're a cheap company, but they violated nothing. Someone passed the security tests and they were given the information needed. UGnazi are guilty only of downloading information and making it available to the world. WHMCS is guilty of not following industry standards here. Same old same old repetitive. None of this is news......and it adds nothing to help.
eversonj90 Posted May 22, 2012 I've just had to recompile the leaked database to establish just how affected I am personally - 7 different accounts, phone numbers, addresses, payment transactions - fortunately no credit cards. However, 12,735 (quick SQL result to find clients with last 4 card numbers in db) individuals with card details stored are not so lucky. One of whom is my friend that I recommended WHMCS to. Oh boy, not impressed. WHMCS is not all to blame in this but a better relationship with a new host who observes proper and custom security protocols is a must. Social engineering scams are a reality but they're never fun on the receiving end. Edited May 22, 2012 by eversonj90 Oh wait... turns out 7 accounts
merlinpa1969 Posted May 22, 2012 When I read this: "We have reported these sites to WHMCS before and they did not take any action whatsoever to stop the illegal activity. By releasing their files, we wanted to make it known that we are watching; and will continue to be watching.” Matt, be glad, that you are not living in Germany. Then you would get bust. The Hacker inform you, and you do nothing. They told you about leaks, and you don't do anything. That's really poor. You may want to read that article again http://news.softpedia.com/news/UGNazi-Leaks-1-7-GB-of-Data-from-WHMCS-Servers-270914.shtml UGNazi said that they reported that spammers and hackers were using their software and WHMCS chose not to do anything about it, not that they told them about flaws.... I wonder what's next, are they gonna hack Micorshaft for providing the operating system that the script kiddies use to create their BS bots
Si Posted May 22, 2012 No, this is free time, this posting here. Please, I organise my time myself. See last post from me. WHMCS gets hacked. I have the work with it, because of incompetence of a server admin. That's two pairs of shoes Can I ask.....how old are you please? Age = ?