Hackers have managed to to gather customer data. The intruders also have accessed the customers hashed passwords and their payment information.
Company founder Martin Hetzner sent a notification message that stated:
“To our knowledge, the malicious program that we have discovered is as yet unknown and has never appeared before.”
“The malicious code used in the “backdoor” exclusively infects the RAM. First analysis suggests that the malicious code directly infiltrates running Apache and sshd processes. Here, the infection neither modifies the binaries of the service which has been compromised, nor does it restart the service which has been affected,” he added.
The hosting service identified that it first found a backdoor on one of its monitoring servers(Nagios). Subsequent investigations revealed that the Robot management interface for dedicated servers had also been compromised, and that the intruders had also accessed the stored customer data there.
Hetzner says the passwords are hashed (SHA256) and salted, but changing the customer’s passwords is recommended.
In addition, the hosting company said that the German Federal Criminal Police Office (BKA) has been informed.