Hetzner Hacked

Published

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The German Web host Hetzner recently notified its clients that its technicians had discovered a backdoor in one of its Nagios internal monitoring systems (h/t The H Security).

“An investigation was launched immediately and showed that the administration interface for dedicated root servers (Robot) had also been affected,” Martin Hetzner stated in the notification letter. “Current findings would suggest that fragments of our client database had been copied externally. As a result, we currently have to consider the client data stored in our Robot as compromised.”

The malware involved in the attack, Hetzner wrote, was previously unknown. The company has hired a security firm to perform a detailed analysis, which has not yet been completed.

All clients are being asked to change their passwords, but Hetzner noted that only the last three digits of the credit card number, the card type, and the expiration date are saved in Hetzner’s systems, so the company is assuming that credit card data has not been compromised.

“Hetzner technicians are permanently working on localising and preventing possible security vulnerabilities as well as ensuring that our systems and infrastructure are kept as safe as possible,” Hetzner added. “Data security is a very high priority for us.”

Jeff Goldman Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

This field is required This field is required

Get the free Cybersecurity newsletter

Strengthen your organization’s IT security defenses with the latest news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

This field is required This field is required