Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.
As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately. Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.
was the message I received this morning from whmcs. I looked through a few old support requests and sure enough in troubleshooting some issues my server login details are available in those requests.