Again some so-called hackers in the whmcssec group (maybe same as before titled admin) shared a list with proper names of potential victims. The price is set at $5000.
frantech.ca
greenwebpage
speedykvm
Some sorts of Germans too and many others, but never known of them.
Comments
@Francisco has claimed no proof nor any breach.
Hoax.
Probably fake or they didn't fix the security issue properly.
So what is it?
Free NAT KVM | Free NAT LXC | Bobr
first one definitely.
If he really hacked down Frantech and such big ones, wouldn't he be leaking partial ones of big ones?
@Francisco get ready!
Anybody get a HACKED ticket response from HostMaze in the last week/10 days or so? I did. Wish I had taken a screenshot of it b/c it doesn't exist now except for my email re:ticket response.
Essentially said HM refused to pay a $1000 Bitcoin ransom (really, hacknerds? Isn't Monero more anonymous? OPSEC!) so all their servers were at risk of being deleted. And as a special deal, they offered my server to NOT be deleted for a special one-time only $100 Bitcoin payment.
So of course I DID NOT pay it.
What are u gonna do? Come into my home machine, delete the backups of something running one process, and leave me with a fresh install to restore?
Thank you?
The ticket response, after HM (I guess) looked into it, went to "Undergoing Maintenance" and now goes to "Something went wrong/we can't find that."
Both my servers there experienced zero issues after I got the hacked notice from the hacknerds.
Privacy is a human right.
Expecting as a list that turned around before by the previous guy (the group owner) that got shared and never used, because the issues were patched. Most sites never patched anyway, so mostly will collect them to deadpool, if one of them was ever active in the past year.
Full list of "new" allegedly breached hosts that was shared in their Telegram channel:
May I please ask where is the "whmcssec group"? Are you talking about Discord, Telegram, something else? Thanks!
HI FG! Link please? Thanks!
I hope everyone gets the servers they want!
It's on Telegram
The Ultimate Speedtest Script | Get Instant Alerts on new LES/LET deals | Cheap VPS Deals
FREE KVM VPS - FreeVPS.org | FREE LXC VPS - MicroLXC
edit:
Retracted comment, I don't have time nor will to deal with bullshit that may follow.
That would be the first time, then. You're as malicious as it gets.
Thanks, whoever you are and I'm very sorry I made you upset at some point.
Edit: I have retracted my previous comment, hopefully it makes you feel a little bit better about yourself.
Quite the list! :-(
I would take this quite seriously if I were a customer at one of the providers in the list, and ask the company how they are dealing with this.
Remember - the risk isn't that your server will go down, the risk is that all the personal information you gave the provider gets sold to blackhats.
In the Telegram chat, they have already posted a database dump of HostMaze on 25 March. So them sending a ticket from there does not prove that they have access to the 765 hosts in their new list.
The next time someone asks "Should I start a server rental/VPS company?" - I'm going to present this list and show that these are just providers that have been hacked in one go. Knew the market was saturated but hot damn.
That is a fxing long list
Host-C - VPS Services Provider - AS211462
"If there is no struggle there is no progress"
Conversation happened in private.
I'm not willing to link screenshots in public forums, but I can tell you that Fran did check his WHMCS installation for any infection and found nothing.
fyi,
Most hosts on that list are either running nulled editions of X plugin and didn't apply the security patch
or
It's a Hoax.
my best guess is he's trying to make the money back, the one he used to buy the channel?
If they have been pwned, there won't necessarily be any obvious traces left behind. It sounds like the attacker has an exploit that they've used to privilege escalate to get a database dump. That's a one-off attack - they don't need to leave any backdoors behind to get back in. Hit and run.
It's almost impossible to prove an attack like that hasn't happened, without a very thorough investigation.
It's relatively easy for the attacker to prove they have the database though, by providing a sample. Even a customer might be able to convince them to show a sample, if they think it might lead to a payout for them.