Hetzner hacked again?

Conack

Expert Member
Joined
Oct 3, 2005
Messages
2,054
Last week there was an incident where a Hetzner client made a payment to what appears to have been an intercepted / spoofed email address. [Payment made to a scammer's bank account as a result]
3 days later my friend received a call from Hetzner about another client's email account that was hacked.

Today I heard another business, also hosted at Hetzner [managed by another local company], suffered an email breach today as well. [Payment made to a scammer's bank account as a result]

Coincidence, or has anyone else received communications about something similar?
 

initroot

Senior Member
Joined
Jul 30, 2011
Messages
865
Is it an account hack/breach of the email account or a spoofed phishing mail that represents Hetzner doing rounds?
 
Joined
Feb 19, 2019
Messages
9
It seems to be a phishing email floating around. Remember, doing a reverse IP lookup or reverse NS lookup will display all domains hosted by a specific hosting company.

Scammers simply run this test, view all the WHOIS information, prepare the phishing email and send it directly to the recipients.

A WHOIS lookup basically provides them with so much information regarding the client that you could compile a phishing email which provides the victim with their hosting name, address, contact number, IP address, name servers, even the day & month that the domain name payment is due.

I personally disregard all emails, and my rule of thumb is to log into the account dashboard and physically view the invoice, then proceed to payment.
 

initroot

Senior Member
Joined
Jul 30, 2011
Messages
865
Yeah, also figured it's a phishing mail doing rounds.

Hetzner should probably warn clients if this picks up.
 

Conack

Expert Member
Joined
Oct 3, 2005
Messages
2,054
Is it an account hack/breach of the email account or a spoofed phishing mail that represents Hetzner doing rounds?

Both, in separate cases. Just found the timing rather odd, especially since it's different Hetzner clients/servers that were affected on the same day.
 