Dear Clients,
We have received a notification from a third party that an unauthorized entity accessed our WHMCS installation through an exploit found in a WHMCS module we were using. We do not believe that any PayPal or credit card data has been breached since we do not store card details on our servers. However, as a precaution, we strongly recommend that all our users change their login passwords as soon as possible and take necessary backups for their safety.
To prevent any further damage, we have taken the following measures:
1. We have isolated and disconnected all hosting servers from the WHMCS billing system.
2. The installation of my.comcities.com has been completely disabled.
3. We are currently reprovisioning the instance where our WHMCS installation is hosted, and you can access a fresh installation from https://login.comcities.com.
4. We have no plan to use any fancy modules at this time, and only the original WHMCS system will be used for some time from now.
5. Until we update, you don't need to pay for our services, and no service will be suspended.
6. We have invalidated and replaced all API keys and account passwords for all staff, including the master keys for PayPal and Paddle.
We also want to remind our clients of the importance of regular backups, encourage everyone to maintain their backups independently, and change all hosting login details as soon as possible.
We apologize for any inconvenience caused by this incident.
This email was sent to all active, inactive and closed account holders at my.comcities.com.