In association with heise online

23 May 2012, 16:25

Billing company targeted in social engineering attack - Update


Billing company WHMCS, which provides financial and support services to web hosting companies, was hacked on Monday and is suffering a continuing distributed denial-of-service (DDoS) attack. The company's servers were breached using basic social engineering techniques, and details of a 1.7GB archive of internal web site information from their domain were leaked on PasteBin. Currently, the company's service portal continues to be offline and its blog states that it still has no control over the corporate Twitter account.

Attackers belonging to a group calling itself UGNazi had contacted WHMCS's own web hosting provider, claiming to be the site's administrator. After the hosting provider gave them the credentials to the web server, they proceeded to download the entire site's information before deleting the company's web site. The data was later leaked online, including personal data and credit card numbers from customers.

WHMCS initially claimed that passwords and credit card numbers were only stored as hashed values and were therefore safe, but the company has now stated that customers should "take appropriate steps to secure their card." Even if the data was hashed, it might be possible to extract information using techniques such as rainbow tables.

Meanwhile the company is struggling to get the customer area of their site secured and back online; their main web site is currently back online but experiences slowdowns as the DDoS attack continues. Today, the company's forum, which is hosted on a different server than the main web site, was also breached and has not yet been secured again. Additionally, WHMCS is reporting that it has lost control of its Twitter account in the attack and has, as yet, failed to regain control over it.

Update 24-05-12: Some clients of WHMCS have reported problems with the company's licence servers which apparently make their e-commerce modules unusable. To fix this, a workaround has been suggested that disables the licence check.

In the meantime, UGNazi have also been attacked. Their web site is not reachable at the moment and a rival hacker group has leaked personal information about UGNazi members on the internet, including a picture of the group's leader. This prompted a cheerful response from the group on Twitter.

