Major Security Breach at Hetzner Data centre
#1
Looks as though there is another major security breach and this time round at Hetzner - a very big Data centre in Germany. What makes the breach significant is that if one registers for a hosting account Hetzner requires a whole bunch of identification documents, particularly since payment is through bank debits instead of credit cards.  So banking information could have been compromised.

Here's more info about the breach from three sides of the story:

Hacker News
https://news.ycombinator.com/item?id=5833181

Hetzner - it's obvious they are taking it seriously
https://hetzner.co.za/news/a-word-from-our-ceo/

South African story
https://www.fin24.com/Tech/News/explosiv...h-20171102

One of the free hosting accounts I have is with Hetzner.  Have a feeling it's going to be OK however.  I have plenty of respect for this web host.  I almost signed up for a VPS with them a year ago, except when I learned that I couldn't do it with my debit card, I had to give up.  Their finance system is a bit antiquated and probably landed them in hot soup when it was breached.
#2
Huh? The ycombinator link is really old. Exactly 1617 days ago. That is over 4 years old. It probably is not related to this hack but to a previous one? And the link to the current security incidents from the ycombinator link is dead. Actually this link at ycombinator is from a hack in 2013: https://lowendtalk.com/discussion/10981/...got-hacked

The current hack is a new one: https://www.lowendtalk.com/discussion/12...was-hacked
#3
I am a big admirer of Hetzner, the German one. They are awesome in almost every respect.

What we must remember is that Hetzner S Africa is not Hetzner DE. Different management and team.
#4
Note that it's Hetzner ZA (South Africa) that got hacked and not Hetzner Online GmbH (the German company). Wikipedia says that the two companies are "separate companies within their own rights, registered and incorporated under their applicable country laws. The companies do not have the same shareholders."

From reading the Fin24 article linked in the original post, the hack was due to SQL injection through their control panel. Secondly, according to the Hetzner ZA press release linked in the original post, the FTP and database passwords are stored in plaintext. Just abysmal security practice.

The information leaked from this breach is:
  • name, id, contact details
  • domain names
  • ftp passwords
  • bank account details

Companies in charge of other people's sensitive information really, really need to be made accountable for doing a poor job of securing that information.
#5
(2017-11-10, 4:15:02 am) Hidden Refuge Wrote: Huh? The ycombinator link is really old. Exactly 1617 days ago. That is over 4 years old. It probably is not related to this hack but to a previous one? And the link to the current security incidents from the ycombinator link is dead. Actually this link at ycombinator is from a hack in 2013: https://lowendtalk.com/discussion/10981/...got-hacked

The current hack is a new one: https://www.lowendtalk.com/discussion/12...was-hacked

Apologies for the confusion and thanks for sorting this out @Hidden.  Particularly for posting the lowendtalk link.  This post in the discussion was the most meaningful for me:

Quote: The title really needs to be updated to reflect that this is the ZA company which is unaffiliated with Hetzner Online GmbH as there's already been plenty of confusion.
https://www.lowendtalk.com/discussion/12...was-hacked

Also thanks to @thirthy_speed for doing the research.  Just can't believe however how similar the two look - like the post in the lowend discussion says they're not affiliated, but check what their IDs look like - it's easy to mistake that the one in South Africa is directly linked with the one in Germany - in fact, the logo of the one in South Africa is so well developed, including the Favicon, it looks even more genuine than the higher quality Hetzner GmbH of Germany.  Click around the Hetzner GmbH Website and the one in South Africa, and the one in South Africa looks better.

Note if you check out the data centre page of the South African Hetzner, they make reference to Hetzner in Germany - the only page I could find where the South African company makes direct reference to the German one.  But then there's also a reference to German Colocation and also a link to the konsoleH Control Panel that has the same feel about it as Hetzner GmbH of Germany:
https://login.konsoleh.co.za/cas/login?s...Flogin.php

Here's the "logo" of South African Hetzner:
https://hetzner.co.za/
If you check the copyright at the bottom of the page it says 1999-2017 so they've been around for a long time.  If you check through the Website it has a feel of a very large professional data center with a solid reputation.
[Image: RvVxY3D.png]

And here's the logo from the authentic Hetzner Online GmbH:
https://www.hetzner.com/

[Image: logo-hetzner-online.svg]

If it's true that the Hetzner in South Africa is not affiliated with Hetzner in Germany, then I can only imagine Hetzner.com in Germany must be fuming mad about the similarity particularly after the break of this security story.  Or who knows, maybe there's a special reason for the similarity as I haven't seen any denials reported by Hetzner GmbH from Germany?  Definitely baffles the mind.  Makes me happier though that the two are separate business entities as at least I know the hosting space I'm on from Germany Data Centre passwords must be in a safer situation.  Or at least we hope so.
#6
At first when I saw the topic I immediately thought about the German company which is selling servers/webhostings etc. and couldn't believe that they got a security breach. After reading the replies found out that it was the SA partner.

Anyhow, I read that the security breach was caused by a SQL injection vulnerability that was identified within konsoleH and it has been corrected already.
#7
I don't get what those hackers get for hurting others' property (fun? or money?)
#8
(2017-11-14, 3:43:02 am) Super Wrote: I don't get what those hackers get for hurting others' property (fun? or money?)

It is indeed for the money, since it is a hosting company, people used to put their bank/credit card details in there.
There is also a chance that the account details are used for multiple sites, which makes the user even more vulnerable.