Been following a thread over at Web Hosting Talk today called “WHMCS got hacked?“. It seems their server was compromised by accessing the owners email and using this to gain access to the servers authentication details directly from the hosting provider.
Many questions arise from this and from the information provided so far it looks like very little steps were done to prevent such incidents, most important of all – how did his email get accessed in the first place.
It seems like some basic security steps could have prevented this and most importantly, prevented the leak of all the customers details, credit cards, support tickets, internal emails and a whole treasure trove of information from now circulating through-out the internet.
Following an initial investigation I can report that what occurred today was the result of a social engineering attack.
The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.
This means that there was no actual hacking of our server. They were ultimately given the access details.
This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself.
We are immediately reviewing all of our hosting arrangements, and will be migrating to a new setup at the earliest opportunity.
I would like to take this opportunity to thank all of you who have sent in messages of support, and offers of help. It has clearly been a very stressful time, and I thank everyone both personally and on behalf of WHMCS for their loyalty and support.
The matter is now in the hands of the FBI.
The attackers have posted much more information at their twitter feed: http://twitter.com/#!/UGNazi