Revivenode WHMCS Security Incident - Feb 2024

The following email was sent out to all users who have ever registered an account on Revivenode's billing (WHMCS) system on February 26th, 2024.



Hello,

We are writing to inform you about a critical data breach affecting our WHMCS client billing system at https://billing.revivenode.com. We believe this was caused by a recently reported security vulnerability in our WHMCS client theme (Lagom), which was exploited by a hacker in order to gain unauthorized access to our database. The theme is made by a well known developer, and is used by several other hosting companies. Unfortunately, this breach is not isolated to us and has affected other hosting companies.

Upon discovering the breach, we started an investigation and we've taken the following actions:
All passwords to the billing portal, game panel, web panel, and VPS panel have been revoked.
If your VPS's password wasn't changed since deployment, it was rotated.
Automatic terminations are temporarily disabled. Automatic service terminations will be done after 14 days (instead of 7 previously) once they are re-enabled at a later date.
All internal API keys have been rotated.
Our WHMCS installation has been reprovisioned afresh, and we're taking measures to prevent reoccurrence.

If you have reused the same password on other services, we strongly recommend changing your password.

In future, we will be vetting modules and themes more strongly before deploying them.

Overview of exposed data:

Full names, addresses, phone numbers, email addresses.

Details of hosting packages and services you've had with us.
Information from billing support tickets and billing email communications.
Usernames and hashed passwords.
Plaintext passwords for deployed services (web and VPS primarily). These have been revoked and will require a password reset.
Additional administrative data, audit logs, settings.
Last 4 digits of saved cards (We don't store your full card information; full card numbers are stored with our payment processor, Stripe. This information cannot be accessed by us, or anyone else with access to the database).

Be cautious of any bad actors misusing the exposed information to send unsolicited emails, and phishing attempts. It is possible that the hackers will be sending out emails asking you to join Telegram groups and such. We request you to exercise due caution and avoid clicking on any links, downloading any software, or providing personal information unless you can verify the source.

We don't expect your payment information to be at risk of being misused. If you do notice any unauthorized payments by us, please open a ticket and we will investigate it.

In order to regain access to the control panels and services, please request a password reset on the links provided below:
Billing portal: https://billing.revivenode.com/password/reset
Game panel: https://panel.revivenode.com/auth/password
VPS panel (Virtualizor): https://vps.revivenode.com:4083/#act=login&sa=fpass
Web panel: You can change the password from the Service Overview section in the billing portal.

It is with great sadness that we send out this email, and we are doing everything in our power to handle this current situation. We take this incident very seriously and are committed to the security and privacy of your information, and sincerely apologize for the inconvenience caused and appreciate your cooperation. We hope this won't affect your choice of hosting with Revivenode. Should you have any questions or concerns, please don't hesitate to contact us.

Regards,
The Revivenode Team

Frequently Asked Questions



Question: Are passwords compromised?
Answer: No, all passwords are hashed and salted. This is a one way process and passwords cannot be reconstructed from this hash. All panel passwords were revoked as an additional security measure to ensure account security. It is still recommended to change passwords also used on other services.

Question: Are my Bank cards and PayPal details stolen?
Answer: No, only the last 4 digits were exposed. All other data (e.g. full card numbers, etc.) are secure and safe with our payment processors Stripe and PayPal. Stripe and PayPal were not compromised.

Question: Why can't I access my account?
Answer: To ensure account security, all passwords for all panels were revoked. You will need to request a password reset: Billing Portal, Game Panel, VPS Panel (Virtualizor), Web Panel (Change from the Service Overview section in the Billing Portal).

Question: Why isn't the Web Panel loading?
Answer: The Web Panel will IP block you after so many failed login attempts. Please open a ticket and provide your IP to get unblocked.

Question: Should I reset my passwords elsewhere?
Answer: Yes. Despite your passwords being hashed and salted, it is still advised to reset your password elsewhere as an additional security measure.

Question: Should I enable 2FA?
Answer: It is always recommended to secure all accounts with 2 Factor Authentication, but as long as you have a strong unique password, your account will be secure.


In summary, simply just change your password on all sites you care about and enable 2FA wherever possible.

Updated on: 11/03/2024
