Thirty nine hosting providers including Brisbane based company Chombo have had what appears to be login details to the WHMCS billing and client management system publicly disclosed.
The anonymous dump affected 40 providers around the world, many based in the United States.
The post did not say how the log in details were obtained.
SC understands other companies not named in the release were compromised through a vulnerability in WHMCS that had been patched, but not applied by the victims.
A Norwegian website named in the hacked was also defaced - twice.