Social Engineers Steal 500,000 Customers' Data From WHMCS

Client management billing platform provider says its hosting provider was breached

Dark Reading Staff, Dark Reading

May 29, 2012

1 Min Read

Client management billing platform WHMCS last week notified customers that hacker group UGNazi fooled its Web hosting firm into providing the hackers with administrative credentials.

The hackers stole the data, deleted it from the hosting provider's systems, and then posted it on the Web.

UGNazi also gained access to WHMCS’s Twitter account, which it used to publicize a series of posts on Pastebin that contained links to locations from which the billing firm’s customer records and other sensitive data might be downloaded. A total of 500,000 records, including customer credit card details, were leaked as a result of the hack, according to news reports.

WHMCS developer Matt Pugh wrote in a blog: "The person was able to impersonate myself with our Web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.

"This means that there was no actual hacking of our server. They were ultimately given the access details. This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself."

UGNazi compounded the problem by launching a large-scale distributed denial-of-service attack that froze WHMCS's Web servers.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights