Hetzner’s konsoleH database was recently compromised, which exposed customer details, FTP passwords, domain names, and banking details.
Hetzner said the hackers used an SQL injection vulnerability to gain access to the database. The vulnerability has since been fixed.
Hetzner CEO Hans Wencke has now written to Hetzner clients, apologising for the data breach and the problems it caused.
The letter is published in full below.
We are deeply distressed by the data breach that has taken place at Hetzner. Allow me to offer our sincere apologies.
If you haven’t already done so, I urge you to update all passwords associated with your Hetzner account immediately. We realise this takes time and effort and we are sorry for the inconvenience required to recover from the breach. We offer our full support to assist you – our 24/7 team is standing by to help you shoulder this administrative burden.
I would like to personally assure you that we have addressed the breach and are working around the clock to identify other similar vulnerabilities.
Due to the breach, we must unfortunately assume that our customers’ data has been compromised. While we are able to see where and how the data was accessed, there is no way for us to determine how the exposed data will be used.
Why have we been storing FTP and database passwords in plaintext? So that our support team could assist our customers by having this information on hand. We believed that the security measures we put in place were adequate to protect these passwords. We were wrong. We are making the necessary changes that will allow us to delete all plaintext versions of FTP and database passwords.
We have always prided ourselves on being Trusted in Hosting. We understand that we have let you down. Trust is built one step at a time: with every customer conversation, every decision, every system update, every security patch, every effort we put into ensuring the stability and scalability of our platform. We will not let this breach define us as a company. We will work to regain your confidence. I firmly believe we will continue to provide you with a hosting service you can trust.
We will keep you informed every step of the way. The FAQs on our website are regularly updated and all of our support channels are available to you. Please contact us with any queries: we are all standing by to support you.
CEO, Hetzner South Africa