Data centre operator and website host Hetzner has disclosed a breach of its konsoleH Control Panel database.
The firm says that the database was compromised by a SQL injection. The vulnerability has been patched but the amount of data that was compromised is cause for concern.
Hetzner says that customer details (including names, addresses, telephone numbers and email addresses), domain names, FTP passwords and bank account details (whether the account was cheque or savings) have all been exposed.
“It is imperative that customers update all passwords associated with your Hetzner account immediately, including konsoleH admin passwords,” said Hetzner on its website.
These passwords include database access passwords and FTP passwords.
As an extra precaution, the firm has advised users to also update email and konsoleH Control Panel passwords.
“We have external forensic investigators on site working round the clock with our team. We understand that this event has shaken your confidence in us. It is our earnest commitment to provide you with a hosting service you can trust,” said Hetzner.
Back in 2011 Hetzner’s German division suffered a breach where it was discovered that passwords were stored without encryption.
Whether this was the case with the Hetzner South Africa breach remains to be seen, but for now, if you use Hetzner services, you might want to spend the morning updating passwords.

[Source – Hetzner]