Hackers breach WHMCS via social engineering
Posted on 22 May 2012.
WHMCS, the company behind the popular commercial billing and automation software program used by many web hosting firms, has had its web server hacked on Monday.

Hacker group UGNazi ("Underground Nazi") was apparently behind the attack, which was executed via a clever social engineering trick.

The attackers contacted WHMCS's hosting firm, correctly answered security verification questions, and thus gained access to the company's client account. Once in, they changed the contact email address and requested the hosting company to send them the admin login credentials.

"This means that there was no actual hacking of our server. They were ultimately given the access details," it was pointed out in a post on the firm's blog. "This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself."

According to the Register, the hackers have misused the access to exfiltrate the contents of the firm's database, than deleted it and consequently crippled the website.

They also managed to compromise the firm's Twitter account, and have used it to spread links to a number of Pastebin posts containing links to the stolen data: some 500K records that also contain credit card data.

The credit card information has been encrypted, but apparently still may be at risk, as it is believed that the key to decrypt it has also been compromised during the breach.

The reason behind the attack was explained by the group via a Twitter message: "Many websites use WHMCS for scams. You ignored our warnings. We spoke louder. We are watching; and will continue to be watching. #UGNazi"

WHMCS's site is now back online.


Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Jul 30th