WHMCS were actually victim of a social engineering attack, which is when a person, or group in this case, manipulates another party to divulge personal information. UG impersonated one of the staff at WHMCS, and contacted the data-center demanding the access information. Reports were that a variety of 0800 phone numbers were used to convince the data-center that it was WHMCS.
“And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.”
Social engineering attacks are becoming a lot more common these days, with a variety of hacker groups using the methods to their advantages. It’s not a new tactic, but it sure does work. [Source]