Within the past few hours WHMCS.com has had their databases hacked. Check out the links for more info. http://forum.whmcs.com/showthread.php?p=223398#post223398 http://forum.whmcs.com/showthread.php?t=47650
They never care about security, only $$$.... when the 0d4y exploit published on Dec 2011 we did report then on 1st Dec about it before anyone know about it and they ignore us for 3 days and then email us that there is no way to have an such like that exploit on whmcs, now they are hacked twice on 1 year... all our data and visa, tickets, passwords are leaked! and who is responsible... who trust them ONLY! WE.
People who has big business always busy with their business.. Thats why big business can be easily down. Especially for online business such as services/product like WHMCS. WEIRD!
In that case I dont think they will last. Capitalism is setup for it. If they keep failing another company will take their job over.
What a fcking shame! Matt couldn't afford few admins ... khm, I mean nobody monitored the servers. Poor guy, they only got 60k active license ... do the math ^^
That's right copxxx, if he did he safe him self from any attack in future... think outside the b0x always!
It was not their fault actually just search the web. It was down to HOSTGATOR there hosting provider who were subject to a social engineering hack. i.e. a person obtaining information for another by deception. How the hacker managed to pass the verfication questions and then GIVEN the admin password who knows. But it does make you wonder no matter how tight your security can be it only takes a person in an important position to be fooled that can create chaos.
Well if you are handling such a business you ought to have security. Social Engineering hack is not a full proof hack. There can be enough security agaisnt these kind of attacks. Now all that needs to be seen is if all the customer data they had were encrypted or not.... specially the credit card details. I just hope no-one suffers badly.
It is published and i did encrypt my visa with-in 1 sec.... the others 500 CC card i can encrypt them with-in 5 mints... but then, who will be responsible for leak my visa card and yours??
Well as a Technolegal & Infosec guy I can tell you that if legal action is taken WHMCS can end up in huge trouble. But it all depends on the country and analysis of its existing security measure. So if you suffer loss of any form you can sue the company.
Woowwww!!! Now Matt will spend penny $0.0001 to secure our private details.. @DP Users: Please switch to other billing script otherwise you will lose your business..
There is 2 0d4y exploit for whmcs now, 1 patched in 1st May, and the other still 0d4y in underground forums... keep your eyes on Apache logs .
It's unknown vulnerability of the software, and the vendor doesn't know, and even if Matt know about it, he want believe it as below.