Recent Hack of WHMCSServicesIn December 2023, a notable incident occurred involving WHMCSServices, a popular provider of WHMCS modules. It was discovered that their modules were compromised with malicious code.
Broader Impact and Coincidental BreachesThe hack’s ramifications extend beyond WHMCSServices, as similar breaches were reported from MongoDB around the same time. Although it seems like a coincidence, especially that MongoDB not using WHMCS, the simultaneous nature of these hacks raises questions.
Responses and Measures by Hosting ProvidersVarious members and hosting providers have shared their experiences and responses to this situation:
Cloudie addressed the issue promptly and is back online, as per their announcement.
QuickHostUK also faced a hack, which appears to have been executed using FTP credentials provided to WHMCSServices for troubleshooting.
Some members have conducted audits of their WHMCS modules and have either removed or updated them to ensure security.
Some members affirms that the hackers contacted them and threatened that not only this modules are affected and that they have backdoors in others as one, but these remains in realm of speculations. Did your services was affected to this
In a concerning turn of events, some members have reported receiving threats from the hackers involved in the WHMCSServices breach. According to these reports, the hackers claim that other modules are also compromised and contain backdoors. While this information currently resides in the realm of speculation, it highlights the potential depth and severity of this security issue.
This situation underscores the importance of staying vigilant and informed about cybersecurity. By sharing information and supporting each other, we can collectively enhance our defenses against such malicious activities.
Looking forward to your contributions and insights.