Hackers breach PureVPN website by exploiting a zero-day WHMCS vulnerability

Customers of the Virtual Private network provider "PureVPN" over the weekend started receiving a fake email claiming to be from the founder saying that "due to an incident we had to close your account permanently".

"We are no longer able to run an anonymization service due to legal issues we are facing" The fake email reads.

"We had to handover all customer’s information to the authorities unfortunately. They might contact you if they need any details about the case they are working on. The following information was handed over: your name, billing address and phone number provided during purchase and any documents we had on file (for example scan of your ID or driver’s license if you have provided these to our billing department)."

However, the Co-founder ,Uzair Gadit, said in the official blog post that the email is fake and confirmed the purevpn website hit by a security breach.

Hackers exploited a vulnerability in 3rd party application WHMCS and compromised the email IDs and names of registered users.

"We repeat no billing information such as Credit Card or other sensitive personal information was compromised." The blog post reads.

LulzSec hacker arrested over Sony attack

A second member of the LulzSec hacking was arrested by US authorities in connection with attacks on Sony Pictures Europe .

US police was arrested Raynaldo Rivera, 20, a member of the hacking group LulzSec, on charges that he took part in breach of the computer systems belonging to Sony Pictures Europe.

The indictment, which was unsealed on Tuesday, accuses Rivera and co-conspirators of stealing information from Sony Pictures Europe's computer systems in May and June 2011 using an SQL injection attack – which exploits flaws in the handing of data input for databases to take control of a system – against the studio's website.SQL injection, or SQLi, is an increasingly common technique used by hackers to break into systems.

The attack, which may have leaked credit card details for millions of users, has never been traced to any group – although Sony suggested not long afterwards that Anonymous might have been involved.Since then it has given no further details about who it suspects of carrying out the attack, and no data from the attack has ever been posted publicly.

"From a single injection we accessed EVERYTHING," the hackers said in a statement at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Authorities have said the Sony breach ultimately cost the company more than $600,000 (£378,000).
An accused British hacker, Ryan Cleary, 20, was indicted by a US grand jury in June on charges related to LulzSec attacks on several media companies, including Sony Pictures.

The rise of LulzSec saw a burst of similar "crews" aiming to hack sites, but since then Anonymous has focussed on providing an outlet for documents released by WikiLeaks.