Sunday, March 26, 2017
Home / Security / Breaches / PureVPN breached via Zero-Day WHMCS Exploit

PureVPN breached via Zero-Day WHMCS Exploit

PureVPN, a popular VPN service was dealt a huge blow from attackers, a zero-day exploit.   When the attackers breached their servers they mass mailed a fake email claiming account shutdown and a data compromise. Uzair Gadit, the founder of the VPN alleges that there’s no issue with PureVPN. ”Our VPN service is functioning 100% fine and there is no interruption whatsoever,” he wrote in an email.

The company is looking into the cause of the email, he continued, “we hereby confirm that, as we do not store any of our users’ credit card nor PayPal information in our on-site databases, there has been no compromise in our users’ personal billing information.”

VPN services are often utilized to have a more secure route for those worried about data compromises, they are not immune from attacks themselves.

TechCrunch was given a heads up on the breach due to one of PureVPN’s clients who claims he received this email on the 6th of october.  The customer sent Techcrunch the following letter, noting that his account was closed, and that his billing information was being handed over to authorities, who might be contacting him in future:

screen-shot-2013-10-06-at-13-43-39

A couple of hours later, his first email was followed up with another, which noted that the earlier email was fake:

“We are sending this note as a clarification,” the note said. “We are NOT closing down nor do we have outstanding legal issues of any sort. We have neither been contacted by any authorities nor do we store our user’s personal data to share with anyone.” The company says that while the VPN service remains fully operational “secure to the highest possible levels of encryption,” it has disabled the billing portal and client area while it is investigating the issue. The company is also postingupdates on its blog.

Gadit stated that the email appears to have hit only a subset of all of PureVPN’s users, and that only the users from China have been effected, with email IDs and names being the only data that appears to have been accessed.

“I confirm that the subset is NOT limited to Chinese users,” he says. “The motive is yet unclear.” Gadit says that PureVPN has hundreds of thousands of users from over 100 countries worldwide.

PureVPN then went on to state in a blog post monday that they were in fact effected by an attack via a zero-day exploit, to be more specific, the  WHMCS zero-day that has affected so many other hosting sites.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …