New on LowEndTalk? Please Register and read our Community Rules.
Hetzner ZA (South Africa) was hacked!
Reset your password lads!
Comments
2fa ftw
oh no not the almost totally unused South African ~~branch~~ unrelated company
EDIT: The title really needs to be updated to reflect that this is the ZA company which is unaffiliated with Hetzner Online GmbH as there's already been plenty of confusion.
Again.
So after they were hacked last time they figured it was still OK to store sensitive information in the database unencrypted, either that or the decryption key was also compromised in which case, this is much worse than even that article makes it out to be.
Why don't companies invest in security and do security audits?
Most of the profitable organisations seek only profits instead of focusing on giving a damn about their security or customer satisfaction
Personally, I am trying to avoid such companies
Did you realize that it is the south african Hetzner and not the german one?
last time was in 2013 and it did not only affect webhosting (konsoleH) but the robot for the dedicated/vserver customers.
interestingly there is nothing to read about that new incident in the german news (yet), so that gets me curious about where those infos are originating... a mail to affected customers maybe?
@Hetzner_OL any comment on that from marketing before it's all over the tech news like heise and co? ;-)
Hetzner Germany != Hetzner ZA
I see... so probably they use an older version of all those scripts and stuff and didn't spend the money to get upgrades then? would probably be interesting to hear about the actual connection between both businesses... maybe at least that is something Katie can clarify? :-)
edit: and of course I agree - @maher please change the title to reflect that important difference!
Every software can get hacked, it's just a matter of time.
Even when you invest money into the security, you only minimize the risks, you're never gonna solve it.
Since that stuff is already kinda complex, no one can make it 100% secure.
If you do an application just on mathematical algorithms, it will be nearly 100% secure, sure.
But there is still the margin of error from a human.
Are you sure this is completely separate?
https://hetzner.co.za/data-centre/ Everything I see on this site implies it’s well connected with its German cousin.
They underplayed it last time and essentially lied about the impact, no reason to assume your account is safe no matter where it is.
Hetzner's South African branch had its shared hosting database leaked.
It is, but it's not the same entity. Different management and staff.
Pizza Hut in Croydon and Pizza Hut on Baker Street also have different staff and different management. It doesn’t mean that one doesn’t impact another.
The ones that do, they get accused of not caring about the customer too. This to say, some customers will actively ask you to increase security while others will actively ask you to decrease it. At the end of the day, someone thinks you don't care about them.
But... Protecting data should be first priority
Pizza Hut in USA and Pizza Hut in UK would be a more valid comparison.
Too, heard about franchises ;-)?
Besides we’re not talking good or bad examples.
Hetzner ZA is a different company, run by different people, operating in a different country under different laws using a different network. Franchises are generally all run by the same upper management. I see what you're trying to say though.
This hack didn't impact anyone using Hetzner GmbH
Customers who wish to earn some extra cash could do a lawsuit on Hetzner according to Data Act
Changed the title to better reflect the actual company involved.
Not gonna happen though. Data leaks happen often here, and nothing ever happens.
I assume their main database for hetzner.com wasn't hacked but the south african one, correct?
Looks like the shared hosting database for the South African hosted services, but Hetzner ZA has not officially confirmed the scope of the breach beyond what was stated on their disclosure note here: https://hetzner.co.za/news/konsoleh-database-compromise/
Thank you.
But on the other side, an SQL injection should not be happening anymore in 2017.
@mikewazar source?
It seems unlikely they would store their own customer db on the same shared hosting that they sell. That's a beginner's mistake.
Sounds more like he’s saying that the shared hosting DB was compromised. (the DB isn’t actually on shared hosting)
The two Hetzners are not related. Different everything.