DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

whmcs.com hacked, 1.7GB Data Leaked By #UGNazi

Posted on May 22, 2012 by Lee J

One of the most well known billing and support systems for website control systems WHMCS (whmcs.com) has been hacked and as a result a heap of data has been obtained and leaked. The attack comes from #UGNazi @UG twitter account as well as the hacked WHMCS Twitter account which has been used to announce that it has been hacked. The leaked data comes in 3 rar files that have been uploaded to the ugnazi site. We also came across a statement from a developer named matt from whmcs who has confirmed the site outage and the breach, this came in two parts so far.

As many of you will have noticed by now, we have today become the unfortunate victims of a severe and malicious hack. We are currently working to restore normal operations as quickly as possible and will post updates here as they become available here. Initial indications are that the database of our ticketing system may have been compromised, and thus we would recommend that if you have recently sent us a ticket containing your WHMCS or FTP login details, and have not yet changed them again following that, that you do so as soon as possible. As soon as we know more about what happened we’ll provide updates. In terms of licensing, providing you have a valid local license key then at this time you should not be experiencing any interuptions in service. If you are doing a new installation or moving your license and thus require a license refresh, these will not be available until the site is back online. Or alternatively if your local key was not valid prior to this downtime, then you may also be experiencing issues validating currently, and once back online do get in touch with us so any local key issues with your installation can be resolved. We would like to offer our sincere apologies for any inconvenience caused. We ask you to stick with us – now more than ever – in a challenging time. We promise to get everything back to normal soon. UPDATE 18:09 The license checking server is now back online and providing valid license responses. So if you were experiencing licensing errors before, these should now be resolved. Our website and ticket desk should be back online within the next 30-60 minutes. UPDATE 19:20 The main site is now being restored. Those with invalid local keys may experience intermittent license validation issues again. UPDATE 19:55 The main site and ticket system are now back online. UPDATE 20:50 Now our systems have been restored, a status update has been posted here: https://forum.whmcs.com/showthread.php?t=47650. Any further notifications will also be made there. Matt

At least they are not saying this has not happened and maybe it will motivate them to secure their systems a bit better to prevent this from happening ever again. Matt has also posted an update about the attack.

&Dear All, It may be a little early for this post since at this time, our web hosting provider are still investigating and looking into exactly what happened, and why, and are yet to report back to us. But here is what we know at this point in time. A little over 4 hours ago our main server was compromised. This server hosts our main website and WHMCS installation. What we know for sure 1. Our server was compromised by a malicious user that proceeded to delete all files 2. We have lost new orders placed within the previous 17 hours 3. We have lost any tickets or replies submitted within the previous 17 hours What may be at risk 1. The database appears to have been accessed 2. WHMCS.com client area passwords are stored in a hash format (as with all WHMCS installations by default) and so are safe 3. Credit card information although encrypted in the database may be at risk 4. Any support ticket content may be at risk – so if you’ve recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, we recommend changing them now. At this time there is still no evidence to suggest that this compromise actually originated through the WHMCS software itself. This was not merely a WHMCS system access, and since we do not provide hosting ourselves, our WHMCS is not hooked up in any way to our server. We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time. Once again, we strongly urge all users to cycle all their passwords, not just for WHMCS, but for any associated services that may have been provided to us at any point in time. As soon as we know more, we will post further updates. Matt

It would also appear there are some unhappy clients and others on facebook already. At time of publishing it would appear that @UG still has access to their twitter and possibly more. https://pastebin.com/UJCi72FS

Related posts:

  • WHMCS victim of social engineering; over 500,000 client records stolen, deleted from server, and dumped publicly
  • Operation Islam v Operation Israel Results
  • WHMCS Attacks Update, DDoS & Forum Defaced, Now Offline
  • Who is on TEKsystems Intel Leak
Category: Breach Incidents

Post navigation

← 1.7GB leaked from the Bureau of Justice By @planethacks
WHMCS victim of social engineering; over 500,000 client records stolen, deleted from server, and dumped publicly →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.