We are aware that WHMCS customers may have received ransom notices. These notices claim data exfiltration that have occurred in different ways. The notice names the following businesses as their targets:

• RSStudio
• WHMCS Services
• WHMCS Global Services

WHMCS has notified these businesses, and is in active communication with them. There has been no claim that there are vulnerabilities in the WHMCS software.

We are currently assessing the claims and assisting the businesses. Each of the businesses have let us know that they have informed their customers, and provided patches, if applicable.

For specific information from each vendor please use the corresponding link:

• RSStudio: https://lagom.rsstudio.net/contact/
• WHMCS Services: https://www.whmcsservices.com/contact.php
• WHMCS Global Services: https://whmcsglobalservices.com/recent-security-vulnerability-update/

If you have not patched, or taken steps recommended by the businesses, we recommend that you deactivate and uninstall their extensions and themes. We understand that doing so might impact your business operations. However, this conservative approach is an important risk mitigation to ensure the continuity and safety of your clients and business.

WHMCS takes security seriously, and supports its customers and the WHMCS ecosystem. Please contact us here if you have any questions.