Published by expire0
Posted on May 22, 2012
If you are a customer of WHMCS , you may be sitting there wondering what happen yesterday. Well your credit card information may be at risk. WHMCS website is hosted by Hostgator.com , they are advising that you should change your password asap if you use the client area on their website. Also you may want to contact your credit card company.
Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.
To clarify, this was no hack of the WHMCS software itself, nor a hack of our server. It was through social engineering that the login details were obtained.
As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.
Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.
This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.
We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.
A little over 4 hours ago our main server was compromised. This server hosts our main website and WHMCS installation.
What we know for sure
1. Our server was compromised by a malicious user that proceeded to delete all files
2. We have lost new orders placed within the previous 17 hours
3. We have lost any tickets or replies submitted within the previous 17 hours
What may be at risk
1. The database appears to have been accessed
2. WHMCS.com client area passwords are stored in a hash format (as with all WHMCS installations by default) and so are safe
3. Credit card information although encrypted in the database may be at risk
4. Any support ticket content may be at risk – so if you’ve recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, we recommend changing them now.
Statement released from the group responsible