NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

TRENDING TODAY

Home > News > Security > Hacking News

May 22nd, 2012, 07:14 GMT · By Eduard Kovacs

UGNazi Leaks 1.7 GB of Data from WHMCS Servers

Adjust text size:

UGNazi hackers have managed to gain access to the systems of WHMCS - a company that offers client management, billing and support solutions - leaking 1.7 gigabytes' worth of data. The hackers have also deleted all the files from the firm’s server, which has led to the loss of the latest orders and tickets.

The data leak comprises 500,000 usernames, passwords, IP addresses and in some instances credit card details.

Shortly after the incident took place, the company’s representatives came forward with a statement, admitting that their systems were penetrated. A few hours later, almost everything had been restored to normal and the site’s owners could make an estimate of the damages caused.

According to Matt Pugh, WHMCS founder and lead developer, the passwords are “stored in hash format” so they’re safe, but the credit card information may be at risk, along with the contents of all the recently submitted tickets. The company has also learned that the breach is a result of a social engineering attack.

“Following an initial investigation I can report that what occurred today was the result of a social engineering attack. The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions,” Pugh explained.

“And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details. This means that there was no actual hacking of our server. They were ultimately given the access details.”

On the other hand, the hackers told Softpedia that the passwords could be easily decrypted. They claim that they gained access by combining “social engineering and injections.”

Apparently, the company became a target after the hacktivists learned that it offered its services to cybercriminals and fraudsters.

“Many websites use WHMCS to scam and rip people off. For example: Users from "hackforums.net" are using WHMCS to sell illegal hosting, booters, malware, etc,” a member of UGNazi explained.

“We have reported these sites to WHMCS before and they did not take any action whatsoever to stop the illegal activity. By releasing their files, we wanted to make it known that we are watching; and will continue to be watching.”

FILED UNDER:

	Share your thoughts on this story...
		22,372 hits · 21 comments Link to this article · Print article · Send to friend

MUST-READ RELATED ARTICLES:

Hacker Leaks Data from Comcast Site, Protests Against Censorship

Twitter Account of Hopsin Taken Over in CISPA Protest

Hackers Leak Data from Government of Anguilla

Hackers Explain Why They Attacked Visa and CIA Sites (Exclusive)

UGNazi Hackers Leak Data from Washington Military Department

READER COMMENTS:

Comment #1 by: concerned citizen on 22 May 2012, 07:48 UTC	reply to this comment
"By releasing their files, we wanted to make it known that we are watching; and will continue to be watching" and by releasing live database and users personal details and CC details that makes UGNazi what, saints...............

Comment #2 by: Woodle on 22 May 2012, 08:03 UTC	reply to this comment
These scam Users from "hackforums.net" are probably using a hacked version of WHMCS themselves. So what could WHMCS have done if that was the case.

Comment #3 by: KBeezie on 22 May 2012, 08:25 UTC	reply to this comment
I only count about 129,000 client logins.

Comment #4 by: Thac on 22 May 2012, 09:07 UTC	reply to this comment
So because WHMCS didn't listen to them, they expose information for all their clients ? That makes to so called "hackers" no better then the Cyber-criminals.

Comment #4.1 by: 5uperman on 22 May 2012, 12:44 GMT

Absolutely. Why should WHMCS be responsible for how their software is used or misused? It is utterly insane that they are mad that hackers are using WHMCS so they hack WHMCS.com and reveal all their customers data. It makes absolutely no sense.

Comment #4.2 by: Concerned Citizen on 22 May 2012, 19:51 GMT

So Whats next, Hack Microsoft for creating the Operating system that the hackers and scammers are using on their PC's. Or what Dell or HP for creating the computers....

Or ATT for providing the Cables that were used to get on the internet, the ISP's

this is total insanity....

Comment #5 by: pcifail on 22 May 2012, 12:36 UTC	reply to this comment
So not PCI compliant then if the card details can be got at (must be held unencrypted)

Comment #5.1 by: John on 22 May 2012, 13:35 GMT

They're encrypted but if you have the encryption key (stored in a config file which the hackers have), you can decrypt all those encrypted card details.

Comment #5.2 by: KMyers on 22 May 2012, 19:21 GMT

The cards were encrypted but the encryption key was leaked with the database.

It should also be noted that this hacker now has a name and a face

http://whmcs-hacker.soup.io/

Comment #6 by: DEATH TO NAZI on 22 May 2012, 13:19 UTC	reply to this comment
UGnazi have released not just WHMCS information but information of thousands of individuals which makes them a CRIMINAL. I would like to see the funding of a bounty for the removal of the eyes and fingers of all UGnazi

Comment #7 by: anonymous on 22 May 2012, 13:42 UTC	reply to this comment
#UGNAZI

Comment #8 by: Vic on 22 May 2012, 13:46 UTC	reply to this comment
Sp CloudFlare is providing services to a know illegal group and hacking group.... Hmm, aren't they just as responsible?

Comment #8.1 by: Chris on 22 May 2012, 14:20 GMT

Seriously, this wasn't a hack.. Social Engineering isn't hacking.. it's manipulating stupid people... come on...

Comment #9 by: Bob on 22 May 2012, 15:01 UTC

reply to this comment

I reported on this moments after it happened. Why should a company be responsible for how their product is used? Lets get this straight. UGNazi hacked WHMCS because some hackers use WHMCS to sell their goods. WTF? This is simply insane. What is worse is that the attack was mostly in the form of social engineering, easily obtaining the login details from the host. How on earth did they do this? Surely there would have been security measures in place such as emailing the new password to the registered email address etc. Maybe Matt should have had a more secure security question as that seems to have been their main downfall. On the other hand, I have been a customer of HostGator and their service was so appalling, they gave me 12 months free. Even though it was free, I still left and took my business elsewhere.

Comment #9.1 by: jumpLink on 03 Jul 2012, 05:34 GMT

you shouldn't think too much about the ethical and moral reasons behind this. These guys are 18-20. At this age, you're still trying to find an identity. It takes time to mature and eventually become more tamed and sellout to the security industry...

Comment #10 by: nothappy on 22 May 2012, 19:29 UTC	reply to this comment
WHMCS isn't even a proper company, it's some guy who goes by like a million different names via support tickets... google maps the 'company' address and you will see it is just some random house in Milton Keynes, UK. WHMCS is not the international corporation it likes to pretend it is. Personally I think he / they should be held liable for any damages they have caused!

Comment #10.1 by: the_ancient on 23 May 2012, 15:51 GMT

Many software companies operate via Virtual offices, meaning they have no "real" office all of the employees work from their home.

Just because the business is based out of a Home does not make it a "scam" why should they pay for an expensive office space if most of their employees are spread through out the nation, and 100% of their business is online?

Comment #11 by: Nexxterra on 23 May 2012, 03:30 UTC

reply to this comment

As a company that has been a long term client of WHMCS and a web host you will find passwords and info about on the download, it disappoints me that good people like Matt I have to take actions to change passwords and ensure my clients are protected.
On the other hand as a company and citizen that feels that government and their regulations have went and continue to go too far, I wish them luck but I hope the next attack is more direct to their cause or an offending site.

Comment #12 by: tkk on 23 May 2012, 05:37 UTC	reply to this comment
Ridiculous excuse of a hacker

Comment #13 by: Bay on 23 May 2012, 05:52 UTC	reply to this comment
I found this information on the internet, but not sure if correct : http://whmcs-hacker.soup.io/

Comment #14 by: Ariel on 25 May 2012, 10:56 UTC	reply to this comment
What a screw up! I hardly call this a hack. This is plain human error through stupidity. The very people in charge of security just handed over the key to my business (and thousands of others businesses) to the bad guy wearing a fake uniform. I suspect this must be a product of outsourcing to cut costs if you know what I'm saying.

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2013 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use