Hetzner discloses new security ‘incident’

Less than a year after a severe data breach affected data centre provider Hetzner, the company has disclosed to its clients that their details may have been compromised in another “security incident”.

In an e-mail to customers on Tuesday, seen by TechCentral, Hetzner said that last Friday its technical team “uncovered suspicious activity on our database. We acted swiftly, working around the clock, to patch the vulnerability from further coordinated attacks,” it said.

Details that may have been exposed include client names and e-mail addresses, telephone numbers, addresses, debit order bank account details including bank account numbers, identity numbers, and VAT numbers. It said the bank account information “is readily available and often provided for invoice purposes”.

Data that has not been exposed includes passwords and login credentials as well as website and e-mail content.

“There is no action to be taken on your side,” Hetzner said. “However, as always, we do recommend that you remain extremely vigilant to phishing scams.”

It added that a comprehensive audit involving its security team and cybersecurity specialists is underway to ensure its systems are secure.

“We can reassure you that your data security remains our top priority and that we take swift and decisive action to address threats whenever they are identified,” it said. It assured customers that it has the situation “under control”.

‘Penetration testing’

“Over the past year, we have significantly increased our measures to harden our systems against possible attack. This includes regular penetration testing and a comprehensive audit by independent cybersecurity specialists, with a dedicated team always working to strengthen our systems and the security of your data.”

In November 2017, Hetzner South Africa CEO Hans Wencke apologised to customers affected by a data breach on the company’s systems, saying it was “deeply distressed” by the incident.

The company revealed at the time that it had been hacked and advised clients to change their passwords. Hackers had gained “unauthorised” access to its konsoleH control panel. The company had come under fire for storing users’ passwords in plain text, something Wencke admitted was an error of judgment. — © 2018 NewsCentral Media

Source: techcentral.co.za