WHMCS.com Hacked?

[jasonmccurry]

Is the main & client side of the site hacked, it is redirecting to some wierd site and SiteAdvisor said its a bad site?

[Nix]

holy ****...

[bear]

http://twitter.com/#!/joshthegod

[jasonmccurry]

Just found out it was a major hacking group named "Ugnazi", don't know what could of happened, the licensing server was down earlier too.

 

WebHostingTalk Thread: http://www.webhostingtalk.com/showthread.php?p=8137810#post8137810

[jasonmccurry]

Looks like they are starting to delete this forum now.

[WHMCS Andrew]

The forum linked to images on the main whmcs site. You should hopefully find the forum is loading correctly again

[XN-Matt]

I guess it is best to cancel the card stored on your system.

 

If they've got the DB, I'll assume they have the encryption key too.

[SoHoIT]

The forum linked to images on the main whmcs site. You should hopefully find the forum is loading correctly again

 

Is my personal data safe?

 

What about all my login details?

Paypal? enom? our own WHMCS install?

[XN-Matt]

Probably not.

 

Your login details, if you've given them to WHMCS, should be changed immediatlely.

 

None of the information in your WHMCS without this is at risk.

[Justine]

WHMCS really need to address this and let us know if any personal information has been jeopardised. Hopefully WHMCS will release an official statement about it soon.

[laszlof]

WHMCS really need to address this and let us know if any personal information has been jeopardised. Hopefully WHMCS will release an official statement about it soon.

 

Heh.. They will have to actually fix the issue first. IMO, dont worry about notifying people, sending out updates, whatever. Fix the problem before it gets worse, then let us know what happened.

 

Proper security audits after an attack take time.

[Matt]

I would like to assure everyone we're doing everything we can to identify what has happened here, exactly what's been taken, and get things back online. We will provide further updates as soon as we have them.

 

Matt

[jameshostit]

Hi Matt,

 

Can't find the best way to contact you other than this. If you need any assistance or anything at all please contact me and I'll see what I can do albeit a server, hosting etc.

 

James Greig

Non corporate email under the circumstances: - email: jaygreig86@gmail.com

[niels]

Please prioritize the license server. We can't login to the Administration area currently.

[SoHoIT]

forum compromised too now??

[WHMCS John]

Hi,

Whilst the forums and documentation are hosted separately from our website the images/css are linked from there so until that's restored it won't be pretty but still functional.

 

Please refer to the following thread for updates: http://forum.whmcs.com/showthread.php?t=47644

[Huib]

Only the header is broken since that points to whmcs.com The box resolves to a other IP

[SoHoIT]

reason I ask is because my forum session timed out and when I logged back in it asked me to click on some weird characters. - looked a bit suspicious!!

[darksuntr]

/http://freeaccount.myorderbox.com

 

page does not open

[skull87]

/https://twitter.com/#joshthegod

 

/https://twitter.com/#ugnazi

 

WHMCS your database has been stolen according to the people that hacked you ugh these guys are idiots.

[DeanC]

Your twitter has been compromised too.

[Andrew-FH]

Matt don't be stupid here,

 

just tell us are our credit card details safe, are they encrypted, if yes, is that encryption breakable ?

 

the worrying part is they are going to leak your WHMCS database which includes a ****lin huge list of WHMCS clients, and we are gonna b fked up, sorry to be abusive here, but this situation is no less than epidemic breakout here.

 

Any words on banking details from you ?

[XN-Matt]

Why risk it. Cancel the card and get it re-issued.

 

Yes, names, email addresses the like may be leaked but for many that might be public "business" information anyway. The password may be reversible but this only teaches everyone to never use the same password/email combo for public sites.

 

Assume the worst and act as you would if everything was out there.

[Moc]

Regardless of the database being leaked or not, change all passwords that WHMCS may have or may have had. That includes securing credit card details, possibly contacting your bank and alerting them of possible fraud or just cancel and re-issue anyway.

Be pro-active, not reactive.

[Matt]

Hi Andrew,

 

Until we know for sure it would be irresponsible of us to say credit card details are safe. They are encrypted, but encryption is always reversable.

 

As per our announcement post, it is worth assuming that any details you've submitted to us via tickets are at potential risk, so if you've recently sent us login details for either WHMCS or Hosting/FTP and haven't yet changed them since that time, then it would be advisable to change those.

 

At this time there is still nothing to suggest that this compromise actually originated through the WHMCS software itself. This was not merely a WHMCS system access, and in our WHMCS, we do not have it hooked up to our server.

 

Matt