PureVPN compromised, root is pointed to WHMCS zer0 day

A Virtual Private Network provider, PureVPN, has confirmed on its update yesterday, it may have been victimized by hackers and preliminary reports suggested, the company is hit by the WHMCS zer0-day.

However, the VPN provider confirmed the hack is only limited to a ‘subset’ of registered users Email IDs, names and users billing information is not compromised. It has also added that no users credit card nor PayPal information are stored in on-site databases.

The blog update followed shortly after PureVPN users were receiving bogus notifications, for instance, their PureVPN accounts are closed.

“I’m sorry to inform you that due to an incident we had to close your account permanently. We are no longer able to run an anonymization service due to legal issues we are facing.”

We had to handover all customer’s information to the authorities unfortunately. They might contact you if they need any details about the case they are working on. The following information was handed over: your name, billing address and phone number provided during purchase and any documents we had on file,” bogus email reads as signed accordingly by PureVPN founder, Uzair Gadit.

Source : Softpedia | PureVPN blog.