
WHMCS Main Database Compromised

Discussion in 'BlackHat Lounge' started by copxxx, May 22, 2012.

  1. copxxx

    copxxx Registered Member


    As we already know, WHMCS's database has been compromised.

    Official email from WHMCS
    Interesting situation, let's see the facts.

    What we know for sure

    1. Our server was compromised by a malicious user that proceeded to delete all files
    2. We have lost new orders placed within the previous 17 hours
    3. We have lost any tickets or replies submitted within the previous 17 hours

    What may be at risk

    1. The database appears to have been accessed
    2. WHMCS.com client area passwords are stored in a hash format (as with all WHMCS installations by default) and so are safe
    3. Credit card information although encrypted in the database may be at risk
    4. Any support ticket content may be at risk - so if you've recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, we recommend changing them now.

    What do you think guys?
     
  2. acotut

    acotut Elite Member

    Just got this email as well. Guess I need to change my credit card today -.-
     
  3. oxonbeef

    oxonbeef BANNED BANNED



    The data leaked included over 500,000 compromised customers' emails and IPs and even credit cards.
    On top of this, the Twitter account of WHMCS was also hacked and posted several tweets, also explaining the reasons for the hack.
     
    Last edited: May 22, 2012
  4. copxxx

    copxxx Registered Member

    That's what I call superb security! :tumblewee

    WHMCS couldn't afford real coders & admins as I can see.
     
  5. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    They are downplaying this. It's obvious that since the attackers had full access, they didn't just get the db, they also snatched the code that decrypts the encrypted data ;)
     
  6. caspka

    caspka Registered Member

    Social engineering---I don't buy this thing. What do they mean, that someone cheated an admin and made him give his password?
     
  7. copxxx

    copxxx Registered Member

    I've heard some rumors that the "hacker" skid knew the owner's last four CC numbers and with that he could get access from Hostgator ^^ lol u might think now what foolish staff is there.
     
  8. ShadeDream

    ShadeDream Elite Member

    I'm happy I decided to go through a third party. :D
     
  9. Patel

    Patel Senior Member

    Wow this is terrible.

    Does this mean that anyone who has ever paid for something with CC through the WHMCS platform may have their cc info stolen?
     
  10. tajmahal

    tajmahal Regular Member

    And now the main question is who will cover my expenses for a new debit card.... WHMCS? Do I have a right to ask from them? And the lowest fastest expenses are 60$ for one debit card... f... retards... and why did they not buy a server and colocate it like every big company out there...
     
  11. DarthM

    DarthM Regular Member

    This is what the lead developer (Matt Pugh) wrote:

    http://blog.whmcs.com/?t=47660

    So they're claiming their host (Hostgator) handed over the admin access.
     
  12. MrDetails

    MrDetails Regular Member

    Wow, thank god I had paid for that with PayPal.

    I'm still amazed that they were able to impersonate them that easily
     
  13. florflor

    florflor Senior Member

    Does this mean if I have a reseller account with Hostgator my c.c. has been compromised????
     
  14. DarthM

    DarthM Regular Member

    No, the hackers apparently had access only to WHMCS's Hostgator account, not all Hostgator accounts.
     
  15. ShadeDream

    ShadeDream Elite Member

    Hilarious I must say. ClientExec should use this to their advantage.

    PS. It seems that their database was leaked online which means anyone and everyone has access to it. Would definitely request a new credit card if I was their direct customer.
     
    Last edited: May 22, 2012
  16. DeanK

    DeanK Newbie

    Slightly off topic but still relevant..

    It amazes me how many big companies use such poor hosts like HostGator for their sites.

    HostGator don't have the best reputation for security or service, and with companies such as WHMCS that provide services specifically tailored to web hosts, you'd think that they would know better.

    Anyone know the reasons for the attack that were posted on the twitter account?
     
  17. pokerjk

    pokerjk Senior Member

    Sadly this happens to the bigger players in fields e.g. when the PS3 network was compromised.

    Fortunately I never paid them direct for anything and never gave them a password. Let's hope nothing else comes from this....
     
  18. ianbong

    ianbong Newbie

    People, you don't have to freak out that easily.

    This hack was at WHMCS' own database, it doesn't affect you even if you've paid for something via WHMCS in the past, the WHMCS you've accessed in the past is not connected to the main HQ or smt. Chill out.
     
  19. pokerjk

    pokerjk Senior Member

    Please see above quote.
     
  20. imperial444

    imperial444 Elite Member

    it should be admin's chick