Titsup WHMCS calls the Feds after credit-card megaleak
Web billing biz ransacked, smashed offline by hacktivists
By John Leyden
22 May 2012WHMCS, which provides billing and customer support tech to many web hosts, was comprehensively hacked on Monday and remains offline.
Hackers tricked WHMCS's own hosting firm into handing over admin credentials to its servers. The group that carried out the hack, UGNazi, subsequently extracted the billing company's database before deleting files, essentially trashing the server and leaving services unavailable in the process. The compromised server hosted WHCMS's main website and supported customers' installations of its technology.
UGNazi also gained access to WHMCS's Twitter account, which it used to publicise a series of posts on Pastebin that contained links to locations from which the billing firm's customer records and other sensitive data might be downloaded. A total of 500,000 records, including customer credit card details, were leaked as a result of the hack.
...
Hacker group UGNazi leaks and deletes billing service's database
The group used social engineering to access WHMCS's customer database, then leaked 500,000 records online May 22, 2012
Hackers Impersonate Web Billing Firm's Staff To Spill 500,000 Users' Passwords And Credit Cards May 22, 2012