WHMCS.com website hacked - security precautions inside

[easyhostmedia]

As you may be aware whmcs.com (the website) has been hacked. Unfortunately this means they would have gained access to the tickets & personal details on the WHMCS website.

I'm posting this in order to make sure you take the best steps for safety if using WHMCS.

I recommend the following:

- change all passwords including WHMCS, cPanel, WHM
- if you had your credit card details stored with WHMCS cancel the card with your bank immediately
- change your PayPal login for safety
- make a backup of your WHMCS database and website files (to be on the safe side)

You may also want to limit access to your client area under setup > general settings > maintenance mode until the problem is diagnosed by WHMCS.

Note: If you can't login to WHMCS don't panic, it's because their licensing server is offline.

The main communication spot for WHMCS customers appears to be the following thread which I recommend subscribing to for updates from WHMCS:

http://www.webhostingtalk.com/showthread.php?p=8137981

 

[Bullten]

wtf man....

 

[easyhostmedia]

wtf man....

its 100% true and Matt had his own emails compromised. the hacker has even taken control of the WHMCS tweets.

 

[Bullten]

hmmm. r u sure it isnt the software issue?

 

[easyhostmedia]

no read

http://www.webhostingtalk.com/showthread.php?p=8137981

it was def hacked. latest tweet

Full #database of http://www.whmcs.com will be #leaked soon. - Cosmo #UGNazi @UG @JoshTheGod @ThaCosmo @le4ky

 

[Artashes]

You'd think that companies that are expected to set the standards would follow basic principles in protecting customer data. After all, it is not the first nor the last company to become a victim of an attack. In recent memory, WebHostingTalk has lost data and their customer billing details have been leaked due to same PCI compliance issues.

How much money one has to earn to start thinking about investing in proper security? Where does this mentality of being untouchable come from?

I am extremely sad that it happened and I hope that the team behind WHMCS will do their best in minimizing the impact on their customers and themselves. I wish Matt the best of luck in dealing with this nightmare. There is absolutely nobody who ever wants to be in this position.

 

[Jgwynne]

That's not good for WHMCS.

how many million's of people use it (including me!)

joe

 

[easyhostmedia]

How much money one has to earn to start thinking about investing in proper security? Where does this mentality of being untouchable come from?
.

well they are on a managed server with Hostgator so say no more

 

[easyhostmedia]

I just wonder how many WHMCS users are unaware of this hack that could of had their own installations compromised.

If Jack from zomex had not messaged me then i would have not know

 

[keshavmhin23]

WHMCS and Licensepal both have send email to their customers as i received one email from them too, thus i believe most of the user shall be now aware of the issue, i myself have immediately reset our all passwords shared to whmcs for security reasons as required.

 

[handsonhosting]

Sad that the database information, and server login information (from inside tickets) were also all compromised.

Thankfully our information isn't on file with them, but there thousands of people who are on file. It'll be interesting to see how things play out here over the next few days/weeks.

 

[rds100]

I am not that worried about the whmcs.com database being leaked. I am more worried if their source code was leaked.
Every software has bugs. The bigger the software - the more bugs there are. And now the bad guys might have access to all the source and can find bugs, which we cannot find and patch ourselves. This is bad.
I think what whmcs should do now is release the source officially.

 

[easyhostmedia]

UGNazi Leaks 1.7 GB of Data from WHMCS Servers

http://news.softpedia.com/news/UGNazi-Leaks-1-7-GB-of-Data-from-WHMCS-Servers-270914.shtml

how much more will they leak out. i think its time to move

 

[rds100]

@easyhostmedia move to what? Can you point us to something better, or at least on par with whmcs?

 

[easyhostmedia]

@easyhostmedia move to what? Can you point us to something better, or at least on par with whmcs?

Hostbill is OK, but only annual plans

But we are moving to Clientexec, since the WHMCS DB has been leaked we have had 4 client cancellation requests, so we have disabled our WHMCS client area and placed a note on our home page stating orders have been suspended.

 

[qhoster]

It is not the WHMCS software which is vulnerable seems but low security on the WHMCS system side.

 

[Bullten]

Hostbill is OK, but only annual plans

But we are moving to Clientexec, since the WHMCS DB has been leaked we have had 4 client cancellation requests, so we have disabled our WHMCS client area and placed a note on our home page stating orders have been suspended.

I don't understand the reason of cancelling WHMCS? There software was not vulnerable. They were hacked at that time too you were safe. Just you need to change details in whmcs.com client area to take precaution. There were big companies got hacked in past Microsoft, Google, yahoo xss which brutally ****ed yahoo emails, Kaspersky and many. Did you stopped using them?

So that means your business rely on total software the provider is giving, you cannot take security measures by yourself. Client cancelled ordered because of whmcs.com hacked , they must be some special who don't understand technology too much. Even whmcs took online there validation server after 50 min. So what you expect from a company who understand the client issue and fir take their needful things online instead of the other major things they could have done

The guys who understand these things wont never leave a company with a proper reason to do.

 

[Posilan]

since the WHMCS DB has been leaked we have had 4 client cancellation requests, so we have disabled our WHMCS client area and placed a note on our home page stating orders have been suspended.

This is a silly kneejerk reaction. It's only going to cause your business more damage than good. By posting that on your website, you are almost admitting (incorrectly) they your customers should be worried that thier data has been compromised.

WHMCS scripts themselves were not hacked. They just managed to obtain root/cpanel access to the server and took a full backup/sql dump.

The only matters for concern for you are the contents of support tickets (if you gave them login details, they should have only been temporary user/passes anyway!) and if your credit card details were stored there.

Steve

 

[easyhostmedia]

the whole of the WHMCS database has been made publically available by the hackers, so all details held by WHMCS has now been made public. Also when i have clients leaving me due to this then i will take action

 

[Posilan]

the whole of the WHMCS database has been made publically available by the hackers, so all details held by WHMCS has now been made public. Also when i have clients leaving me due to this then i will take action

I'm aware of the leaked data and the main concerns would be if you have stored a credit card or if you put information in tickets that ought not to be there such as still live passwords etc.

If your customers have been worried about it, it would have been far better (IMO) to reassure them that none of their information had been compromised and it was not your server that had been hacked, rather than plaster a banner across your website stating WHMCS had been hacked and you have shut down your online ordering system as a result - this alone is likely to cause panic to your customers who probably were either unconcerned or not aware of the problem in the first place.

Remember - the hack that happened can happen on any platform - it was not caused by WHMCS software.

Steve