The ongoing saga at WHMCS

The Hacktivist group responsible for the social engineering of Hostgator allegedly said: ‘Many websites use WHMCS for scams. You ignored our warnings. We spoke louder. We are watching; and will continue to be watching. #UGNazi’

WHMCS, a UK based turnkey online payment and billing system, had their servers taken over through social engineering the ISP, Hostgator. WHMCS is also apparently still experiencing an ongoing denial of service attack as well. The company is so under pressure that even the spelling on it’s official blog ( ) is suspect.

Still no official word about the amount of credit card details, passwords and other information that was stolen, except the confirmation that credit card data was stolen. Speculation varies between 500 000 and some millions of credit card customers that may be at risk.

There should be South African customers among the stolen credit card data as facebook and Google advertising for products in South Africa did click through to WHMCS vendors.