subscribe: Daily Newsletter

 

Hetzner breach: users urged to update passwords

0 comments

Web hosting and managed server company Hetzner has experienced a security breach, and urges customers to update their passwords.
An “important security notice” on the organisation’s web site, reveals: “Our security has been compromised: please change passwords immediately.”
Hetzner reveals that, on 1 November, it became aware of unauthorised access to its konsoleH Control Panel database.
“We can confirm that a SQL injection vulnerability was identified within konsoleH, which has been corrected,” a statement from the company adds.
“We shut down access to konsoleH during the course of the day while investigations proceeded.”
While konsoleH Admin passwords weren’t compromised, the company has proactively updated all FTP passwords, which were exposed.
“It is imperative that customers update all passwords associated with their Hetzner accounts immediately, including konsoleH admin passwords,” it adds.
Hetzner says the following details have been exposed:
* Customer details (name, address, telephone numbers and email addresses);
* Domain names;
* FTP passwords; and
* Bank account details (cheque/savings). No credit card details are stored on the system.