WHMCS.com Hacked?


I contacted my Credit Card company last night. We went through the account manually and examined the transactions and balance.

 

I am not happy.

 

I am not going to soapbox here, I'm just going to say one thing:

 

My credit card was compromised as a direct result of this hack.

 

I'm having the CC company send me a full detail statement of the accounts, trace #s, everything, to do my own fraud investigation in cooperation with them.

 

If you had a CC in their system you need to talk to your CC company right now, if you haven't already.

Edited by Peter M Dodge
Link to comment


Not to continue apparently sounding like an a$$, but anyone notice that the site itself is FLYING, despite the fact that it is jammed with traffic? Also, I notice that the Ticket system is back and operational here on whmcs.com. While you all are jabbering about how much this and that stinks, Matt is getting things DONE.

 

Good job Matt.

 

Glad he is getting things back online, but this is not the first time this has happened, most of us are concerned with what he is going to be doing going forward to make this not happen again...

 

Like following PCI compliance rules and regulations, or moving our card data from the Quantum Gateway to the Quantum Vault where they are protected from such attacks.

 

There is a history here and it is not too much for us to ask that our cards be protected when they have let us down twice now in this regard.

Link to comment

Does anyone here know if domain reseller information is compromised? E.g. ResellerClub details and passwords, Enom, etc. Anything bought/received for free from WHMCS?

From what is currently known, everything you shared with WHMCS via email/support tickets is compromised.

 

Remote installations have not been compromised, but very important data (like IP, path) of all remote installations has been made public.

Link to comment

So that picture on there is supposedly the punk behind this?

 

Supposedly, according to this other hacker group; however, I know for a fact the information they have about the CloudFlare directconnect and hosting is correct, so I don't have reason to question the personal details they also gathered.

Link to comment

On a completely relevant (??) note, I just got off the phone with PayPal, and here's what they suggested.

 

Since my own business needs this card (esp. around this time of the month), it's important for me to have the card (or an alternative) on hand @ all times... For people like me, they suggested the following:

 

  1. Log in to PayPal
  2. Click on the 'debit card' link on the right side.
  3. Towards the top of the page, find 'Request a new card'
  4. Request a new card... [1]
  5. Wait 7-10 days
  6. When card arrives, deactivate old one, report it lost/stolen [2]

 

 

[1] This must be done under a new name, but it can be a derivative of yours. For example, Tom/Thomas/Tommy, Bill/William/Billy, etc. According to the person on the phone, this doesn't matter.

 

[2] If you do wait, make sure that you keep a very close eye on your PayPal transactions for the next few days. Obviously, if something comes up, let them know immediately, and report it stolen.

Link to comment

Is anyone else getting emails from companies that pulled the leaked info already? Man this sucks. Changed all the PWs already but do we even know for sure they're not getting those too?

 

I have not, but it seems inevitable that there will be a typical mix of profiteers looking to make a buck off the release, and spammers who will harvest the emails in the database.

Link to comment

Is anyone else getting emails from companies that pulled the leaked info already? Man this sucks. Changed all the PWs already but do we even know for sure they're not getting those too?

 

Yes, got 1 from AJ Online Services. Reported this as spam to SpamCop and to the sender's server provider (RackSRV) and ISP (Virginmedia), and both are going to take action as they have used stolen information.

Link to comment

This has always been available by adding /?licensedebug to the end of the installation URL

Not the path. But OK, all this in itself is not that important...

 

The problem I see is that if an exploit in WHMCS is discovered, the leaked DB could be used to take advantage of remote installations. It just makes things that much easier.

Link to comment

Yes, got 1 from AJ Online Services. Reported this as spam to SpamCop and to the sender's server provider (RackSRV) and ISP (Virginmedia), and both are going to take action as they have used stolen information.

 

Good on you. Anyone who gets spam as a result of this leak should report them to their respective ISPs for both hosting and connection as it is using stolen information as noted.

 

I haven't received any yet, although it may just be that my spam filter has caught them and deleted them.

Link to comment

The one I saw floated on WHT was basically profiteering: they'll secure your website which uses the "clearly insecure" WHMCS stuff for a low fee! Or something like that. The WHT thread's grown another 10 pages and I don't feel like wading through it again to find it.

Link to comment

The WHT thread's grown another 10 pages and I don't feel like wading through it again to find it.

 

I stopped reading after page 30, and most of them were just repeated info as users could not be bothered to read through the other pages.

Edited by easyhosting
Link to comment

Really guys? If they didn't get access from HostGator then they probably would have hacked it either way. You all should blame HostGator a bit more; they gave the details to the hackers and allowed them to get the password email. They should not have given the password to a number that wasn't Matt's number.

 

Either way, WHMCS probably would have been hacked either way.

Link to comment

This topic is now closed to further replies.