Following an initial investigation I can report that what occurred today was the result of a social engineering attack.
The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.
This means that there was no actual hacking of our server. They were ultimately given the access details.
This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself.
We are immediately reviewing all of our hosting arrangements, and will be migrating to a new setup at the earliest opportunity.
I would like to take this opportunity to thank all of you who have sent in messages of support, and offers of help. It has clearly been a very stressful time, and I thank everyone both personally and on behalf of WHMCS for their loyalty and support.
The matter is now in the hands of the FBI.
Posted by Matt on Monday, May 21st, 2012