Thirty nine hosting providers including Brisbane based company Chombo have had what appears to be login details to the WHMCS billing and client management system publicly disclosed.
The anonymous dump affected 40 providers around the world, many based in the United States.
The post did not say how the log in details were obtained.
SC understands other companies not named in the release were compromised through a vulnerability in WHMCS that had been patched, but not applied by the victims.
A Norwegian website named in the hacked was also defaced - twice.
_(36).jpg&h=140&w=231&c=1&s=0)
_(33).jpg&h=140&w=231&c=1&s=0)
_(37).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Melbourne Cloud & Datacenter Convention 2026
_(1).jpg&h=140&w=231&c=1&s=0)
