Secure networking provider PureVPN and its customer base were the target of an attack over the weekend that hinged on a critical zero-day vulnerability in versions 5.2.7 and 5.1.9 of WHMCS’s client management product. The vulnerability was disclosed last week, and exploits for it have already been distributed in the wild.
“The vulnerability allows an attacker, who has valid login to the installed product, to craft a SQL Injection Attack via a specific URL query parameter against any product page that updates database information,” WHMCS stated in a security bulletin.
The vulnerability allowed the attackers to send a fake email to PureVPN’s clients stating that the company was ceasing operations due to legal entanglements, and that all of the company’s private customer data had been surrendered to authorities.
“This morning some of our users have received a fake email and we are putting this blog post as a clarification. We are NOT closing down nor do we have outstanding legal issues of any sort. We have neither been contacted by any authorities nor do we store our user’s personal data to share with anyone,” said Uzair Gadit, Co-founder, in a blog post.
“Our VPN service is functioning 100% fine and there is no interruption whatsoever. While we are investigating the cause of the email, we reemphasize that, as we do not store any of our users’ credit card nor PayPal information in our on-site databases, there has been no compromise in our users’ billing information… We are able to confirm that the breach is limited to a subset of registered users’ Email IDs and names,” an update stated.
“In wake of the hack attempt we have been continuously testing our systems for any further possible security lapses. It has been more than 36 hours now since the incident and we want to reassure our valued users that all systems including the Client area, Billing Systems, Support center as well as all the systems of the VPN service including the VPN servers are functioning 100% well,” a third update stated.
No reports have been made of there being other victims of a similar exploit, and a patch for the vulnerability is available.