WHMCS got hacked

[grynge]

Don't know if anyone uses WHMCS for their accounting/management but according to them they got hacked by some social engineering (is you host safe? maybe a post for another thread)

It may be a little early for this post since at this time, our web hosting provider are still investigating and looking into exactly what happened, and why, and are yet to report back to us. But here is what we know at this point in time.

A little over 4 hours ago our main server was compromised. This server hosts our main website and WHMCS installation.

What we know for sure

1. Our server was compromised by a malicious user that proceeded to delete all files
2. We have lost new orders placed within the previous 17 hours
3. We have lost any tickets or replies submitted within the previous 17 hours

What may be at risk

1. The database appears to have been accessed
2. WHMCS.com client area passwords are stored in a hash format (as with all WHMCS installations by default) and so are safe
3. Credit card information although encrypted in the database may be at risk
4. Any support ticket content may be at risk - so if you've recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, we recommend changing them now.

So if you have used whmcs or their help, you should change any passwords/usernames to your systems, this could include whmcs and your server/hosting account if you had them fix a problem or install their system. Your personal information including credit cards have been stolen so you should also contact your bank. If you use the same password on multiple sites you may also need to change them as well.