Share :

BREAKING NEWS: HENDRIXCP DATABASE BREACH

The recent database leak spike has continued to grow, this time playing victim to Hendrix CP.

Just moments ago, Hendrix CP took the hit to face the next database breach in the chain of servers being attacked. With allegedly more to come.

This time a Luna CPPS, faced the massive security blow, leaving the database out to be made public, by “h4x0rr”, threatening to go against other servers such as RubyCP & CPPS.one next.

This leak contains usernames,  IP addresses, and MD5 hashed passwords (which can easily be decrypted) belonging to 62 user accounts.

ABOVE IS A SNIPPET OF THE LEAKED DATABASE.

The hacking method was also revealed with the leak, stating:

Method of hacking: Backdoor exploiting through the source.

Although, the creator of Luna has dismissed these reports, stating that the register could have been exploitable.

A representative from HendrixCP, Zaseth, has left us with the following statement in regards to the database leak:

i would just like to announce that the database of HendrixCP got leaked. I myself done my best to avoid this but Baatzn continued to develop on his own and this was probably the issue. I fighted the person over FTP and removed the shells. He currently is still uploading shells and he has access to the server. I did all I can do since I have limited access (Not able to change passwords etc) I hope you will see that this was not my fault. @Baatzn decided to develop on his own after I fixed some security issues, but he already made more than I fixed. So again, the database got breached and you MUST change your passwords. Update: VPS is gone. Ubuntu has been removed. Either way there was SQL injection in Luna and that way he dropped the shells with queries and got access to the VPS or someone gave him the FTP password

Only time will tell if there will be more leaks following this incident, but this is a wake-up call to server owners to not take security lightly. Speedy CPPSHQ will increase awareness before posting on any server that we think may be insecure, as we believe we have the liability to provide you with a safe server to enjoy.

We will bring you more news when it comes,

Thanks,
Michael

Share :

About  

hi!

1 Comment

  1.   May 13, 2017, 8:42 pm

    The FTP password was in #directors chat.
    People in that chat:
    Simplicity#6719
    lonifar#4645
    Daniel#1572 <- Randomly left before the breach and was saying HendrixCP is crap
    Baatzn#5684
    I advise to not trust these users.
    Always keep your FTP password to yourself.
    For any questions, add me on Discord: Zaseth#7550

Leave a Reply

Leave a Reply

Your email address will not be published.