ShellCodeX Breach Report
WHMCS Data Breach
whmcs.com
Verified breach
Passwords exposed
Accounts exposed
134,047
Breach date
21 May 2012
Added to tracker
28 Jun 2016
Data classes
10
What happened
In May 2012, the web hosting, billing and automation company WHMCS suffered a data breach that exposed 134k email addresses. The breach included extensive information about customers and payment histories including partial credit card numbers.
Exposed data
Email addresses
Email messages
Employers
IP addresses
Names
Partial credit card data
Passwords
Payment histories
Physical addresses
Website activity
Recommended actions
- Change your WHMCS password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing WHMCS โ attackers weaponise breach data quickly.
- Monitor your bank and card statements closely and consider requesting a card replacement.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP