GreatResponder.com on May 22, 2012: WHMCS, a company providing web hosting billing and customer tech support software, was hacked and has remained offline since yesterday. WHMCS is considered the main source of billing systems for many web hosting providers globally, so the outage came as a big shock to its users. Hackers tricked WHMCS's hosting firm into handing over admin credentials to its servers. The group behind the hack, UGNazi, extracted the billing company's database before deleting files, essentially trashing the server and leaving services offline. They then hacked WHMCS's Twitter account, which the web hosting billing provider uses to tweet its advertisements and posts, and gave links to the billing firm's customer records and other sensitive data, which can be downloaded easily.
The hackers justified the attack by claiming that WHMCS offered services to shady characters, via an update to WHMCS's compromised Twitter feed: "Many websites use WHMCS for scams. You ignored our warnings. We spoke louder. We are watching; and will continue to be watching. #UGNazi." WHMCS has yet to regain control of its Twitter feed.
As a result, a total of 500,000 records, including customer credit card details, were leaked. Card information was salted and hashed, but reports allege that the decryption key was stored in clear text in the root directory of WHMCS's compromised server and was also leaked. The billing firm warned that "credit card information although encrypted in the database may be at risk". Password records, by contrast, ought to be safe, but WHMCS still recommends a password refresh as a precaution.
The web hosting billing company published a blog post that explained the attack and apologized to customers for the inconvenience caused by the interruption in its services. A spokesman wrote:
“Following an initial investigation I can report that what occurred today was the result of a social engineering attack. The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details. This means that there was no actual hacking of our server. They were ultimately given the access details. This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself. We are immediately reviewing all of our hosting arrangements, and will be migrating to a new setup at the earliest opportunity”.