Lots to point out on this one
1. Sending out a timely message to alert customers - no excuses - contingency plans should be in place for such a thing everywhere. Even if you run a daycare center.
2. The LET thread AnthonySmith started - it's curious - but read my just above post. I don't think it's legit/as it seems. Sure wasn't last time and people jumped and slapped wrongly.. Big mess that was. Different people involved on both sides then.
Poor Anthony, he called me a foil hat all this time. Welcome to reality @AnthonySmith.
3.
The "safe" confirmation is bullshit since there is a copy of the database floating around, the hacker (and probably many other people if the DB is available) had access to passwords, usernames, etc.
I think, but I am operating on fumes lately (slammed with real work and pace of these events is deafening) - I've said, perhaps not in public:
A. The "Russian" poster - that data from epoch data analysis I did 10 hours ago(?) shows that dump appears to be from December to January.
B. There were only 2 admin tables posted, but it was from a MySQL dump and intentionally snipped off. Meaning, there is at least an old database potentially floating.
C. The Russian 2 table dump, that was a SolusVM dump. I am pretty sure, although I haven't bugged anyone in the know, but the current dump/hack/script in stupid place/with stupid permission MAY have been for WHMCS.
D. We have 2 databases known - one excerpted from Dec-Jan and one from ahhh yesterday. The one from yesterday, no one has. 2 IPs accessed it - one was the implicated party over there - the other was Jonny himself after being told about the exploit, permission, file issue.
FULLY possible others exist. But for now, in the past 24 hours and disclosure of current customer data, hasn't happened.
Unsure where they back things up to currently, but could be another leaking vector.
4.
How many people has he got helping him this time, publicly at least 2 or 3, maybe 4
At least 2, plus any "staff", plus it is wise to assume other contractors and outsourced folks. This would include the Indian helpdesk everyone wants to know about. Which, if you look someone power posted on that LET mega thread about them with other accusations. Not saying they have anything to do with the current drama, but more big question marks...
Of course, Jonny probably contacted another 6-12 people when the event was brand new and had people start looking around. Seems to be part of the pricing arrangement - job assessment - bidding. Which creates ahhh stepped on weird things during "emergency".
Sorry, probably missing something, will review comments and reply.