

Today we were the victim of a malicious social engineering attack. - mappu
http://blog.whmcs.com/

======
mappu
Summary: Malicious user managed to answer all the security questions of
WHMCS's webhost in order to reset the password and gain access to the server.
Apparently credit card details are at risk.

An email was sent out earlier to all licensees with the following content:
<https://gist.github.com/2771537>

This is a nightmare situation for WHMCS, and it's even worse when your product
is this popular - i can only hope there's no backdoors hidden in the ioncube'd
PHP, since that could be disastrous for all their hundreds of thousands of
licensees (of which my company is one..)

