The German Web host Hetzner recently notified its clients that its technicians had discovered a backdoor in one of its Nagios internal monitoring systems (h/t The H Security).
“An investigation was launched immediately and showed that the administration interface for dedicated root servers (Robot) had also been affected,” Martin Hetzner stated in the notification letter. “Current findings would suggest that fragments of our client database had been copied externally. As a result, we currently have to consider the client data stored in our Robot as compromised.”
The malware involved in the attack, Hetzner wrote, was previously unknown. The company has hired a security firm to perform a detailed analysis, which has not yet been completed.
All clients are being asked to change their passwords, but Hetzner noted that only the last three digits of the credit card number, the card type, and the expiration date are saved in Hetzner’s systems, so the company is assuming that credit card data has not been compromised.
“Hetzner technicians are permanently working on localising and preventing possible security vulnerabilities as well as ensuring that our systems and infrastructure are kept as safe as possible,” Hetzner added. “Data security is a very high priority for us.”