Social Engineers Steal 500,000 Customers Data From WHMCS

  /     /     /  
Publicated : 22/11/2024   Category : security


Social Engineers Steal 500,000 Customers Data From WHMCS


Client management billing platform provider says its hosting provider was breached



Client management billing platform WHMCS last week notified customers that hacker group UGNazi fooled its Web hosting firm into providing the hackers with administrative credentials.
The hackers stole the data, deleted it from the hosting providers systems, and then posted it on the Web.
UGNazi also gained access to WHMCS’s Twitter account, which it used to publicize a series of posts on Pastebin that contained links to locations from which the billing firm’s customer records and other sensitive data might be downloaded. A total of 500,000 records, including customer credit card details, were leaked as a result of the hack, according to
news reports
.
WHMCS developer Matt Pugh wrote in a blog: The person was able to impersonate myself with our Web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.
This means that there was no actual hacking of our server. They were ultimately given the access details. This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself.
UGNazi compounded the problem by launching a large-scale distributed denial-of-service attack that froze WHMCSs Web servers.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Social Engineers Steal 500,000 Customers Data From WHMCS