Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WHMCS Hacked - Page 16
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WHMCS Hacked

1131416181924

Comments

  • jarjar Patron Provider, Top Host, Veteran
    edited May 2012

    Today felt like Tuesday to me, meaning yesterday would've been coming off the weekend. In my defense, I haven't slept much lately ;)

  • @Randy said: lol, WHY Didnt the FBI take that cock sucker down, GearSec already released the Hacker's details

    From what i understand the information GearSec has gathered is from some leaked IRC logs or so.
    The FBI can't (shouldn't) just arrest someone because some dubious group accused from of hacking WHMCS.

  • RandyRandy Member

    they said themselves that they did it, what do you mean that the @UG group is being "accused "?

  • gsrdgrdghdgsrdgrdghd Member
    edited May 2012

    @Randy said: what do you mean that the @UG group is being "accused "?

    The group GearSec accused the people they named in their blog to be the people that hacked WHMCS.

  • BHostBHost Member

    Irritating, we actually use Ubersmith, but had toyed in the recent past with switching to WHMCS and had signed up for a license to try it out.

    I take it from those links to pastebin that the card details can be decrypted then and so any CCs need cancelling?

  • @BHost said: I take it from those links to pastebin that the card details can be decrypted then and so any CCs need cancelling?

    There's been a dump on Pastebin of all the decrypted CC details.

  • @BHost said: I take it from those links to pastebin that the card details can be decrypted then and so any CCs need cancelling?

    I can confirm that your CC data is in the dump and you need to cancel your card.

  • exussumexussum Member

    Even without that dump takes less than 1 min for the php to run and decrypt all

  • BHostBHost Member

    Thanks for the info. Scrambles to call the bank...

  • joepie91joepie91 Member, Patron Provider

    For the record, Reckz0r stole that from http://pastebin.com/EVCxM2zp (he's known to plagiarize things).

  • gsrdgrdghdgsrdgrdghd Member
    edited May 2012

    @liam said: Any hackers you don't know?

    Calling those Anonymous or lulz"sec" people "hackers" is an insult for the word hacker :P

    Oh and btw it has been pointed out earlier that @joepie91 has affiliations with lulzsec/anonymous

    Thanked by 1djvdorp
  • AldryicAldryic Member

    @gsrdgrdghd said: Oh and btw it has been pointed out earlier that @joepie91 has affiliations with lulzsec/anonymous

    Old news, but correct. To his defense, he was one of the chaps that hung about in the lulzsec irc channel; he wasn't directly involved with their antics.

  • joepie91joepie91 Member, Patron Provider

    @liam said: Any hackers you don't know?

    Reckz0r can not be considered in any way, shape, or form a 'hacker', regardless of whether you adhere to the 'media definition' of 'someone that breaks into computers' or the 'real' definition of 'someone that builds things'.

    The point is that Reckz0r has been attentionwhoring all over anon for the past few weeks - I think it'll be hard to find someone involved in anon that doesn't know about him and his constant plagiarism, false claims, and famewhoring.

    (Additionally, I'm not sure how my 'affiliations with anon' [what? It's not even a group] matter here.)

  • gsrdgrdghdgsrdgrdghd Member
    edited May 2012

    @joepie91 said: (Additionally, I'm not sure how my 'affiliations with anon' [what? It's not even a group] matter here.)

    They don't really matter (and i don't think anyone here cares), i just provided it as an explanation to @liam why you know all that people.

  • jarjar Patron Provider, Top Host, Veteran
    edited May 2012

    It's not hard have affiliations with "anonymous." Anyone can post on _chan.___
    Fill in the blanks with anything really...

  • @liam said: Any hackers you don't know?

    Jesus is a hacker, he was able to hack physics to walk on water!

    Thanked by 2djvdorp Liam
  • jarjar Patron Provider, Top Host, Veteran

    @Daniel Nobody owns the water. It's God's water.

  • joepie91joepie91 Member, Patron Provider

    @gsrdgrdghd said: They don't really matter (and i don't think anyone here cares), i just provided it as an explanation to @liam why you know all that people.

    Fair enough.

  • raindog308raindog308 Administrator, Veteran

    Hmmm...

    image

  • @jarland said: @Daniel Nobody owns the water. It's God's water.

    The fish own it.

  • raindog308raindog308 Administrator, Veteran

    @Daniel said: The fish own it.

    Jesus pown'd it!

    Thanked by 1Infinity
  • @rds100 said: @ElliotJ i guess the same is true for most providers offering "live chat support". That's why i don't understand why people want to use live chat - it is insecure and open to such problems. It is not that hard to login to your client are and submit a ticket..

    Phone is subject to the same problem, and people want their answers now, not in an hour, not in a day, whatever.

  • Shit. I hope my debit card wasn't leaked. Oh well, hopefully my bank will detect any weird charges if anything happens.

    I go onto Lowendbox to search for a VPS and get this bad news.... ugh.

  • raindog308raindog308 Administrator, Veteran

    Holy majoly.

    Do my eyes deceive me or has @DepotVPS_Shane returned...

  • AsadAsad Member

    @DepotVPS_Shane said: I hope my debit card wasn't leaked. Oh well, hopefully my bank will detect any weird charges if anything happens.

    If you used your card on whmcs.com then it has been leaked. I suggest you phone your bank rather than wait for something to happen.

  • @Asad: I might as well. I used licensepal but just to be safe....

  • So we have gathered this.

    WHMCS used HostGator and trusted HostGator with everything.
    HostGator clearly do not give a damn about their big customer's security, and after a few questions just hand the account over.
    WHMCS is at fault for using HostGator in the first place when they can clearly afford a dedicated server and clearly have the minimal skills to manage it.
    Everyone who had their credit card details at WHMCS are now screwed and should cancel their card ASAP and check purchases, as your details are now everywhere.
    WHMCS should of used a better method for storing CC data, perhaps each daily cron job a URL is sent to the admin where they enter the key to process the transactions.

  • But what about us LicensePal people? :P

    I might just be calling the bank if LP is effected too...

  • @DepotVPS_Shane said: But what about us LicensePal people? :P

    Should be fine.

  • rds100rds100 Member

    I don't understand why whmcs chose to store/process credit cards directly in the first place and not use a company specialized in credit card processing.

Sign In or Register to comment.