Hackers breach WHMCS via social engineering
Posted on 22 May 2012.
WHMCS, the company behind the popular commercial billing and automation software program used by many web hosting firms, has had its web server hacked on Monday.

Hacker group UGNazi ("Underground Nazi") was apparently behind the attack, which was executed via a clever social engineering trick.

The attackers contacted WHMCS's hosting firm, correctly answered security verification questions, and thus gained access to the company's client account. Once in, they changed the contact email address and requested the hosting company to send them the admin login credentials.

"This means that there was no actual hacking of our server. They were ultimately given the access details," it was pointed out in a post on the firm's blog. "This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself."

According to the Register, the hackers have misused the access to exfiltrate the contents of the firm's database, than deleted it and consequently crippled the website.

They also managed to compromise the firm's Twitter account, and have used it to spread links to a number of Pastebin posts containing links to the stolen data: some 500K records that also contain credit card data.

The credit card information has been encrypted, but apparently still may be at risk, as it is believed that the key to decrypt it has also been compromised during the breach.

The reason behind the attack was explained by the group via a Twitter message: "Many websites use WHMCS for scams. You ignored our warnings. We spoke louder. We are watching; and will continue to be watching. #UGNazi"

WHMCS's site is now back online.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th