Warning: WHMCSServices Security Incident - Potential Risks for Hosting Providers
SkynetHosting
Chisinau
Greetings,
Recent Hack of WHMCSServices
In December 2023, a significant event unfolded with WHMCSServices, a well-known supplier of WHMCS modules. It came to light that their modules had been infiltrated with harmful code.
Broader Impact and Coincidental Breaches
The implications of the hack are not limited to WHMCSServices; around the same period, similar security breaches were also observed at MongoDB. Despite appearing coincidental, particularly since MongoDB does not utilize WHMCS, the concurrent timing of these intrusions prompts further scrutiny.
Responses and Measures by Hosting Providers
Various members and hosting providers have shared their experiences and responses to this situation:
Some members have conducted audits of their WHMCS modules and have either removed or updated them to ensure security.
Some members affirms that the hackers contacted them and threatened that not only this modules are affected and that they have backdoors in others as one, but these remains in realm of speculations. Did your services was affected to this
In a concerning turn of events, some members have reported receiving threats from the hackers involved in the WHMCSServices breach. According to these reports, the hackers claim that other modules are also compromised and contain backdoors. While this information currently resides in the realm of speculation, it highlights the potential depth and severity of this security issue.
This situation underscores the importance of staying vigilant and informed about cybersecurity. By sharing information and supporting each other, we can collectively enhance our defenses against such malicious activities.
Looking forward to your contributions and insights.
Recent Hack of WHMCSServices
In December 2023, a significant event unfolded with WHMCSServices, a well-known supplier of WHMCS modules. It came to light that their modules had been infiltrated with harmful code.
Broader Impact and Coincidental Breaches
The implications of the hack are not limited to WHMCSServices; around the same period, similar security breaches were also observed at MongoDB. Despite appearing coincidental, particularly since MongoDB does not utilize WHMCS, the concurrent timing of these intrusions prompts further scrutiny.
Responses and Measures by Hosting Providers
Various members and hosting providers have shared their experiences and responses to this situation:
- Cloudie addressed the issue promptly and is back online, as per their announcement. https://my.cloudie.sh/index.php?rp=/announcements/4/URGENT-SecurityorPayment-Invalidation-Notice-Action-Required.html
- QuickHostUK also faced a hack, which appears to have been executed using FTP credentials provided to WHMCSServices for troubleshooting. https://status.quickhost.uk/incident/411384
Some members have conducted audits of their WHMCS modules and have either removed or updated them to ensure security.
Some members affirms that the hackers contacted them and threatened that not only this modules are affected and that they have backdoors in others as one, but these remains in realm of speculations. Did your services was affected to this
In a concerning turn of events, some members have reported receiving threats from the hackers involved in the WHMCSServices breach. According to these reports, the hackers claim that other modules are also compromised and contain backdoors. While this information currently resides in the realm of speculation, it highlights the potential depth and severity of this security issue.
This situation underscores the importance of staying vigilant and informed about cybersecurity. By sharing information and supporting each other, we can collectively enhance our defenses against such malicious activities.
Looking forward to your contributions and insights.