Commercial Billing Company WHMCS Attacked by Hackers
Commercial billing company WHMCS had its website taken offline due to an attack lead by hacker group UGNazi , or Underground Nazi, through a social engineering scheme.
Contacting the company’s hosting firm and impersonating a WHMCS employee, the hackers were able to correctly answer all security verification questions and access the company’s client account. Changing the contact email address and requesting login admin credentials from the hosting firm enabled hackers to access the company’s database and cripple their website.
“The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details,” said a WHMCS spokesperson.
UGNazi also spread Pastebin links through the company’s hijacked Twitter account, containing the stolen data, estimated at around 500,000 records. Credit card data was also part of the stolen information. Although encrypted, the company warns that the decryption key may have also been compromised.
“Many websites use WHMCS for scams. You ignored our warnings. We spoke louder. We are watching; and will continue to be watching. #UGNazi,” said the hacker group in justifying their attack on WHMCS.
“Credit card information although encrypted in the database may be at risk,” confirmed the company in a blog post shortly after the attack was reported. WHMCS managed to resolve the issue with their offline website and operations have returned to normal. The matter has been reported to the Federal Bureau of Investigation and a full investigation is underway.