mvandemar The CEO of Net Registry (Larry Bloch) posted this on the Whirlpool Forums regarding "hacked by hacker":
Before everyone gets too hysterical, here is the REALITY of this incident – and remember, this is a cPanel issue that can happen to any cPanel host or hosting account on cPanel if customers do not have secure permissions.
This is the background as to what has occurred.
Some clients have been exploited with website vulnerabilities and the hacker utilised symbolic links to gain access to other accounts on this cPanel server. Netregistry protects against this as much as possible by only allowing symlinks if the owner matches, however the hacker modified the vulnerable website htaccess file and overrode this setting.
You can read the full post here:
Furthermore the symbolic link Cpanel Vulnerability issue is discussed in great detail on the Cpanel forums. Some of the posts describe exactly what happened to HostPapa and net Registry and confirm what Larry Bloch from net Registry was saying (and also confirm that there are multiple ways to patch Cpanel to avoid this in the future).
Finally this is the reply I got from HostPapa Support on the issue:
Hack by hacker ran scirpts on the server accessing WP config files to get the credentials of the user then hack into the account. We ran a script to adjust personal client configurations of WP. We are dealing with the issue.
Both these companies "Marketing Teams" are trying to save face by calling it a WordPress vulnerability - however their Systems Administrators and even CEO know that it is a Cpanel Vulnerability and an issue that should have been fixed over a year ago. Based on the Cpanel forum conversation many Cpanel hosts have applied patches or workarounds as early as last year.