Hetzner hacked again?

[Conack]

Last week there was an incident where a Hetzner client made a payment to what appears to have been an intercepted / spoofed email address. [Payment made to a scammer's bank account as a result]
3 days later my friend received a call from Hetzner about another client's email account that was hacked.

Today I heard another business, also hosted at Hetzner [managed by another local company], suffered an email breach today as well. [Payment made to a scammer's bank account as a result]

Coincidence, or anyone else received communications about something similar?

 

[initroot]

Is it an account hack/breach of the email account or a spoofed phishing mail that represents Hetzner doing rounds?

 

[CosmicMicrowaveRadiation]

It seems to be a phishing email floating around. Remember doing a reverse IP look up or reverse NS look up will display all domains hosted by a specific hosting company.

Scammers simply run this test and view all the "who is" information and simply prepare the phishing email and send it directly to the recipients.

Who is lookup basically provides them with so much information regarding the client that you could compile a phishing email which provides the victim with their hosting name, address, contact number, ip address, name servers, even the day & month that the domain name payment is due.

I personally disregard all emails and rule of thumb is to log into the account dashboard and physically view the invoice then proceed to payment.

 

[initroot]

Yea also figured its a phishing mail doing rounds.

Hetnzer should probably warn clients if this picks up.

 

[Conack]

Is it an account hack/breach of the email account or a spoofed phishing mail that represents Hetzner doing rounds?

Both, in separate cases.. Just found the timing rather odd, especially since it's different Hetzner clients/servers that were affected on the same day.