On 1 Nov 2017 we became aware of unauthorized access to our konsoleH Control Panel database. We can confirm that a SQL injection vulnerability was identified within konsoleH, which has been corrected.
We shut down access to konsoleH during the course of the day while investigations proceeded .
While konsoleH Admin passwords have not been compromised, we have proactively updated all FTP passwords, which were exposed.
It is imperative that customers update all passwords associated with your Hetzner account immediately, including konsoleH admin passwords.
What information was exposed?
The following details have been exposed:
- Customer details (name, address, ID number (where applicable), telephone numbers and email addresses)
- Domain names
- FTP passwords
- Bank account details (cheque/savings). No credit card details are stored.
What do you need to do?
Read more: konsoleH Database Compromise
Message from Hetzner to clients
We’d like to thank our customers for your patience and support while we recover from the recent data breach. Here is an update on the changes we’ve made:
Read more: Hetzner Breach update