Hetznet web hosting hacked, emailed users to change password

The hosting company “Hetznet” has fallen to a cyber attack caused by an unknown malware in its internal systems.

Hackers have managed to to gather customer data. The intruders also have accessed the customers hashed passwords and their payment information.

Company founder Martin Hetzner sent a notification message that stated:

“To our knowledge, the malicious program that we have discovered is as yet unknown and has never appeared before.”

“The malicious code used in the “backdoor” exclusively infects the RAM. First analysis suggests that the malicious code directly infiltrates running Apache  and sshd processes. Here, the infection neither modifies the binaries of the  service which has been compromised, nor does it restart the service which has  been affected,” he added.

The hosting service identified that it first found a backdoor on one of its monitoring servers(Nagios). Subsequent investigations revealed that the Robot management interface for dedicated servers had also been compromised, and that the intruders had also accessed the stored customer data there.

Hetzner says the passwords are hashed (SHA256) and salted, but changing the customer’s passwords is recommended.

In addition, the hosting company said that the German Federal Criminal Police Office (BKA) has been informed.

You can read the full report of the incident here and email sent to customers.