Customer Information Leaked With Social Engineering Attack

The famous billing service WHMCS was “hacked” today by a group of hackers that call themselves “UG“, revealing all customer information, and license keys to the service. And the best part? It wasn’t actually hacked.

WHMCS were actually victim of a social engineering attack, which is when a person, or group in this case, manipulates another party to divulge personal information. UG impersonated one of the staff at WHMCS, and contacted the data-center demanding the access information. Reports were that a variety of 0800 phone numbers were used to convince the data-center that it was WHMCS.

“And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.”

Social engineering attacks are becoming a lot more common these days, with a variety of hacker groups using the methods to their advantages. It’s not a new tactic, but it sure does work. [Source]