Alert: WHMCS Hosting account compromised.

Published by

Posted on May 22, 2012

If you are a customer of WHMCS , you may be sitting there wondering what happen yesterday. Well your credit card information may be at risk.  WHMCS website is hosted by , they are advising that you should change your password asap if you use the client area  on their website. Also you may want to contact your credit card company.


Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.

To clarify, this was no hack of the WHMCS software itself, nor a hack of our server. It was through social engineering that the login details were obtained.

As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.
Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.

This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.

We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.


Forum post

A little over 4 hours ago our main server was compromised. This server hosts our main website and WHMCS installation.

What we know for sure

1. Our server was compromised by a malicious user that proceeded to delete all files
2. We have lost new orders placed within the previous 17 hours
3. We have lost any tickets or replies submitted within the previous 17 hours

What may be at risk

1. The database appears to have been accessed
2. client area passwords are stored in a hash format (as with all WHMCS installations by default) and so are safe
3. Credit card information although encrypted in the database may be at risk
4. Any support ticket content may be at risk – so if you’ve recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, we recommend changing them now.



Statement released from the group responsible

  1. The reason for the hack and database leak of the WHMCS was due to the vulnerability WHMCS and “Matt” have. As most of you know the database contains credit cards, Really? Yup. WHMCS, the number 1 Web Hosting Client management company stores your credit card on Hostgator’s servers. By Matt hosting this huge domain on Hostgator he made himself and his domain very insecure and that is why we took action and did what we did. It is now 2 days after the attack from us and the site is back up and it still remains on Hostgator after Matt knows it is insecure. Well Matt, guess what… Here at UGNazi We laugh at your security. By releasing your files, we wanted to make it known that we are watching; and will continue to be watching. Stay Frosty.- Cosmo#UGNazi #whoswidme