A breach at billing and support software provider WHMCS exposed a half million customer usernames, passwords and credit cards. The companys founder, Matt Pugh, posted a statement saying the firm had fallen victim to a social engineering attack. Pugh: The person was able to impersonate myself with our web hosting company, and thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.”]
Source: https://krebsonsecurity.com/2012/05/whmcs-breach-may-be-only-tip-of-the-trouble/