Thirty nine hosting providers including Brisbane based company Chombo have had what appears to be login details to the WHMCS billing and client management system publicly disclosed.
The anonymous dump affected 40 providers around the world, many based in the United States.
The post did not say how the log in details were obtained.
SC understands other companies not named in the release were compromised through a vulnerability in WHMCS that had been patched, but not applied by the victims.
A Norwegian website named in the hacked was also defaced - twice.
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
