ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

WHMCS Data Breach

whmcs.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 134,047
Breach date 21 May 2012
Added to tracker 28 Jun 2016
Data classes 10

What happened

In May 2012, the web hosting, billing and automation company WHMCS suffered a data breach that exposed 134k email addresses. The breach included extensive information about customers and payment histories including partial credit card numbers.

Exposed data

Email addresses Email messages Employers IP addresses Names Partial credit card data Passwords Payment histories Physical addresses Website activity

Recommended actions

  • Change your WHMCS password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing WHMCS โ€” attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP