Data centre operator Hetzner hacked

By Admire Moyo, ITWeb's news editor.
Johannesburg, 02 Nov 2017
A SQL injection vulnerability was identified within Hetzner's database.

One of SA's largest hosting companies, data centre operator Hetzner, has been hacked.

Hetzner says it provides about 40 000 customers with Web hosting, self-managed servers, managed servers, co-location and custom hosting solutions.

On its Web site, the company says it became aware on 1 November of unauthorised access to its konsoleH Control Panel database.

"We can confirm that a SQL injection vulnerability was identified within konsoleH which has been corrected. We shut down access to konsoleH during the course of the day while investigations proceeded.

"While konsoleH Admin passwords have not been compromised, we have proactively updated all FTP passwords which were exposed."

Hetzner adds it is imperative customers immediately update all passwords associated with Hetzner accounts, including konsoleH admin passwords.

Following the hack, customer details (name, address, telephone numbers and e-mail addresses), domain names, FTP passwords and bank account details (cheque/savings) were exposed. No credit card details are stored, says Hetzner.

The company urges customers to update all database access passwords.

"While we have updated all FTP passwords, customers will need to reset this password to gain access. If you have made use of an additional FTP user, please manually update these passwords via konsoleH.

"Should you have provided konsoleH access details to any other parties, please advise them to update their login details as soon as possible. Mailbox users are able to update their passwords via our Webmail interface."

Hetzner says it has external forensic investigators on site working round the clock with its team. "We understand this event has shaken your confidence in us. It is our earnest commitment to provide you with a hosting service you can trust."