(The Hosting News) – WHMCS, the popular client management billing platform used by a number of web hosting providers faced the wrath of hackers on Monday. After facing website downtime, WHMCS Developer Matt confirmed the breach via the company’s forums late last night.
WHMCS laid the blame on what it referred to as a “social engineering attack.”
The intruder’s methods were detailed in the post. “The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details,” commented Matt.
The actual site downtime was a result of a DDoS attack. According a report posted on theregister.co.uk, the operation was carried out by hacking group UGNazi and succeeded in leaking data pertaining to 500 thousand user accounts. Another report from Forbes stated that the data totaled 1.7 gigabytes.
The attack itself appeared to be so extensive that it carried over into WHCMS’s Twitter feed where hackers were able to publicize the leaked data.
WHMCS has since handed over the investigation to the U.S. FBI and maintains it will soon migrate to a new setup. The company offers a number of features for online presences in the area of billing functionality. Earlier this month, WHMCS announced the latest release of its software, version 5.1