Hackers breach web hosting provider for the second time in the past year

Company hacked again despite claiming to have boosted security measures and undergone a security audit.
Written by Catalin Cimpanu, Contributor

The South African branch of Hetzner, a well-known web hosting provider, has suffered its second security breach in the past year, ZDNet has learned from the company's customers.

According to an email affected users received this week, this second breach came to light last week, on Friday.

"On Friday, 5 October, our technical team uncovered suspicious activity on our database," the web host said. "A comprehensive audit involving our security team and cyber security specialists is underway to ensure that our systems are secure."

The company said the attacker managed to gain access to customer details such as names, email addresses, phone numbers, addresses, identity numbers, VAT numbers, and bank account numbers.

This is usually the type of data customers provide for invoicing purposes. Hetzner said the hacker didn't get access to payment card details, passwords, or users' website and email content.

While no highly sensitive details were exposed, according to the company, Hetzner did urge users to keep an eye out for phishing scams. The company believes, and for good reasons, that hackers might try to weaponize the data they stole to send customized phishing emails that may trick users into handing over the data they were not able to retrieve from its servers, such as account logins or card information.

This incident marks the second breach Hetzner online disclosed in the past 12 months. The first hack took place last year in November 2017.

Details about the first hack are available on the company's blog. Hetzner said an attacker (or attackers) used an SQL injection vulnerability to gain access to the company's "konsoleH" Control Panel database.

About the same type of customer details were stolen in that incident as well, but also FTP passwords, which the company promptly reset.

Around 40,000 customers were affected by that incident. A Hetzner South Africa spokesperson did not respond to a request for comment from ZDNet seeking information about the scope of this second breach.

Hetzner South Africa should not be confused with its German namesake, Hetzner Online.

"We at Hetzner Online are working independently from Hetzner South Africa," said a spokesperson. "We are partner and family connected, but do not share client information/databases. We develop our systems completely separately in Germany."

Nonetheless, the German branch didn't escape unhacked either, suffering a security breach in 2011, and again in 2013.

Hetzner South Africa has been heavily criticized online this week for this latest security breach, and especially for its notification email, which tried to play down the incident in the first two sentences. Users also criticized the company for getting hacked after claiming to have boosted security measures and undergone a security audit. Its full text is available below.


Previous and related coverage

Editorial standards