Security

Hetzner admits to "security incident"

Hetzner says an "incident" may have exposed information like clients' names, contact information, bank account details as well as identity and VAT numbers.
Hetzner says an "incident" may have exposed information like clients' names, contact information, bank account details as well as identity and VAT numbers.

Data centre operator Hetzner, has disclosed a "security incident" involving customers' account information. This announcement comes almost a year after Hetzner revealed it had been hacked last November

In an email to customers the hosting company revealed that on 5 October, its technical team uncovered suspicious activity on its database.

"We acted swiftly, working around the clock, to patch the vulnerability from further coordinated attacks."

The incident however may have exposed clients' names, e-mail addresses, phone numbers, address details, debit order bank account details such as bank account numbers, identity numbers and VAT numbers.

Hetzner says that data that was not exposed, however, includes credit card detail (as this information is not stored on any of its systems), passwords and login credentials or Web site and email content.

"You do not need to take any action - we have the situation under control," the group told customers, but warned them to remain extremely vigilant to phishing scams.

It says that over the past year, it has significantly increased its measures to harden its systems against possible attack.

"This includes regular penetration testing and a comprehensive audit by independent cyber security specialists, with a dedicated team always working to strengthen our systems and the security of your data," it said.

"A comprehensive audit involving our security team and cyber security specialists is underway to ensure that our systems are secure. We can reassure you that your data security remains our top priority and that we take swift and decisive action to address threats whenever they are identified."

In November 2017 the group was hacked and customer details (name, address, telephone numbers and e-mail addresses), domain names, FTP passwords and bank account details (cheque/savings) were exposed.

At the time it said a SQL injection vulnerability was identified within its konsoleH control panel database, which was then corrected.

Have your say
Youtube play icon