UGNazi hackers hacked WHMCS
UGNazi hackers managed to gain full access to the WHMCS servers . As a result of the leak, 1.7 gigabytes of data were thrown into free space, including 500 thousand user names, passwords, IP addresses, and in some cases credit cards.
Immediately after the attack, company representatives confirmed the invasion. A few hours later, the system was restored, but many users felt the loss of customers.
According to Mat Pug, the founder and chief developer of WHMCS, passwords were stored in a hashed form, but the credit card information in the latest support requests may be in the hands of attackers.
Mat also shed some light on how hackers managed to gain root-level access and merge all files and databases. According to him, under his name, the attacker called the hoster's support and correctly answered all security questions, after which he received unlimited access to the server.
Hackers told Softpedia that passwords can be easily decoded. They also confirmed that the hack was misrepresented as well as using injections. Hackers aimed to punish WHMCS for allegedly providing their services to attackers and scammers:
Many sites use WHMCS to trick people. For example: "hackforums.net" sells illegal hosting, booters, and other malware. We have repeatedly warned WHMCS before taking extreme measures to stop illegal immigrants. Having released their files, we want to declare that we are vigilant and will be vigilant.
At first, UGNazi posted their message on pastebin , but it was promptly removed. You can read the copy here ( thanks to Haoose ) or here .
Hackers also managed to hack Twitter WHMCS , which at the time of writing was not restored.
Update: After a few hours, the ugnazi.com hacker site itself with all the uploaded files stopped working. Most likely it was covered through their hoster.
Via Softpedia and DomenForum
* WHMCS is one of the leading suppliers of customer management systems, including payment systems.Who cares how exactly WHMCS works, you can watch their live demos online .