Client management billing platform WHMCS last week notified customers that hacker group UGNazi fooled its Web hosting firm into providing the hackers with administrative credentials.
The hackers stole the data, deleted it from the hosting provider's systems, and then posted it on the Web.
UGNazi also gained access to WHMCS’s Twitter account, which it used to publicize a series of posts on Pastebin that contained links to locations from which the billing firm’s customer records and other sensitive data might be downloaded. A total of 500,000 records, including customer credit card details, were leaked as a result of the hack, according to news reports.
WHMCS developer Matt Pugh wrote in a blog: "The person was able to impersonate myself with our Web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.
"This means that there was no actual hacking of our server. They were ultimately given the access details. This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself."
UGNazi compounded the problem by launching a large-scale distributed denial-of-service attack that froze WHMCS's Web servers.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio