
UGNazi hackers hacked WHMCS


UGNazi hackers managed to get full access to the WHMCS servers. As a result of the leak, 1.7 gigabytes of data were released publicly, including 500 thousand user names, passwords, IP addresses, and in some cases credit cards.

Immediately after the attack, company representatives confirmed the intrusion. After a few hours, the system was restored, but many users felt the loss of customers.

According to Matt Pugh, founder and main developer of WHMCS, passwords were stored in hashed form, but credit card information in recent support requests may have ended up in the hands of the intruders.

Matt also shed some light on how the hackers managed to gain root-level access and dump all files and databases. According to him, the attacker phoned the hosting provider posing as him and correctly answered all the security questions, after which he received unlimited access to the server.

The hackers also stated to Softpedia that the passwords can be easily decoded. They also confirmed that the hack involved false pretenses and the use of injections. The hackers sought to punish WHMCS for allegedly providing its services to attackers and fraudsters:

Many sites use WHMCS to fool people. For example: “hackforums.net” sells illegal hosting, booters, and other malware. We repeatedly warned WHMCS, before taking extreme measures, to stop the illegal operators. Having made their files public, we want to declare that we will keep watching.

At first, UGNazi posted their message on Pastebin, but it was promptly removed. A copy can still be read here (thanks to Haoose) or here.

The hackers also managed to compromise the WHMCS Twitter account, which at the time of this writing has not been restored.

Update: A few hours later, the hackers' site ugnazi.com, with all the uploaded files, stopped working. Most likely it was shut down through their hosting provider.

Via Softpedia and DomenForum

* WHMCS is one of the leading providers of customer management systems, including payment systems. Anyone curious about exactly how WHMCS works can try it live online with the demo version.

Source: https://habr.com/ru/post/144343/

