Details here:
https://hetzner.co.za/news/konsoleh-database-compromise/
On 1 Nov 2017 we became aware of unauthorized access to our konsoleH Control Panel database. We can confirm that a SQL injection vulnerability was identified within konsoleH, which has been corrected.
We shut down access to konsoleH during the course of the day while investigations proceeded .
While konsoleH Admin passwords have not been compromised, we have proactively updated all FTP passwords, which were exposed.
It is imperative that customers update all passwords associated with your Hetzner account immediately, including konsoleH admin passwords.
WHAT INFORMATION WAS EXPOSED?
The following details have been exposed:
- Customer details (name, address, telephone numbers and email addresses)
- Domain names
- FTP passwords
- Bank account details (cheque/savings). No credit card details are stored.
WHAT DO YOU NEED TO DO?
Customers should update the following passwords immediately:
- While we have updated all FTP passwords, customers will need to reset this password to gain access
- If you have made use of an additional FTP user, please manually update these passwords via konsoleH
- All email passwords that have not been updated within the last 6 months)
- All database access passwords. Note, you will need to update your web application database connection strings.
- While this password was not compromised, we recommend that konsoleH Control Panel login password
Should you have provided konsoleH access details to any other parties, please advise them to update their login details as soon as possible. Mailbox users are able to update their passwords via our Webmail interface (webmail.konsoleh.co.za).
We have external forensic investigators on site working round the clock with our team. We understand that this event has shaken your confidence in us. It is our earnest commitment to provide you with a hosting service you can trust.
