Cyber Incident Victim: Hetzner Online GmbH
Date: Nov 2017
Location: South Africa
Summary
A South African web hosting provider experienced unauthorized access to its control panel database through a SQL injection vulnerability, which was subsequently corrected. The breach compromised customer personal information, domain names, FTP passwords, and bank account details, though administrator passwords and credit card data remained unaffected. The company proactively reset exposed FTP passwords, advised customers to update all associated credentials, and engaged external forensic investigators to assess the incident while temporarily suspending access to the affected system during the investigation.
Description
On November 1, 2017, Hetzner, a major South African data center operator and web hosting provider based in Midrand, Johannesburg, disclosed a security breach involving unauthorized access to its konsoleH control panel database. The company detected the intrusion earlier that day and identified a SQL injection vulnerability as the attack vector, which was subsequently corrected. Immediate containment measures included shutting down access to konsoleH while investigations were conducted. Exposed data included customer names, physical addresses, telephone numbers, email addresses, domain names, FTP passwords, and bank account details for cheque or savings accounts, though no credit card information was stored or compromised. While konsoleH administrator passwords remained secure, Hetzner proactively reset all exposed FTP passwords to mitigate risks. Customers were instructed to change all passwords associated with their accounts immediately, including konsoleH admin credentials, and to notify any third parties with konsoleH access to update their login details.

Hetzner confirmed that customers whose FTP passwords were reset by the company would need to set new passwords to regain access, while those using additional FTP users were required to manually update passwords via konsoleH. Mailbox users were directed to change passwords through Hetzner’s webmail interface. The company engaged external forensic investigators, who were deployed on-site to analyze the breach’s scope and origin. In its public statement, Hetzner acknowledged the incident had eroded customer trust and emphasized its commitment to restoring confidence in its hosting services. No further technical specifics regarding the attackers’ identity, intrusion duration, or exact data exfiltration volume were disclosed in the available report.
