Hetzner South Africa, the South African subsidiary of Germany's Hetzner Online, has advised customers that it has been a victim of a "security incident" which likely exposed all their customers data. The security incident, according to Hetzner, was uncovered by their technical team on 5 October 2018 when they apparently noticed "suspicious activity."

The ISP has said that they have since fixed the vulnerability that exposed customer data.

"Online platforms around the world have been under severe attack this year. Even with our best efforts to stay one step ahead, we would like to inform you of a security incident involving your Hetzner account information,” said Hetzner in an e-mail to customers.

Shifting the blame?

What is interesting is that Hetzner started their statement to customers in a manner that sounded like they were shifting the blame and not taking responsibility for the incident by saying that "online platforms around the world have been under severe attack this year." Furthermore, Hetzner has not been forthcoming with details of the "vulnerability"in their network and systems that led to the security incident but insists that it was not their fault and that they did their best.

Hetzner has said that the following customer data was exposed:

  • Name
  • E-mail address
  • Phone number(s)
  • Address details
  • Debit Order bank account details such as your bank account number.
  • Identity number
  • VAT number

Another security breach at Hetzner

This is not the first time that Hetzner has suffered a data breach. Barely a year ago, the ISP suffered a hack on its konsoleH system which led hackers to a full list and database of customers login credentials, among other customer data, stored in plain text.

This time around, Hetzner seems to have suffere, probably, again due to negligence considering that they say that they have managed to fix the problem. More worrying is that, as an ISP, many individuals and organizations trust Hetzner with their various ICT requirements and would expect the company to have a secure network and systems.

I caught up with Hetzner to try and get more details on the incident.

iAfrikan: How many of your clients are affected by this data breach?

Hetzner South Africa: As this database contains information pertaining to all our clients, all clients information may have been exposed.

Is this incident linked to the previously leaked database of Hetzner customers' authentication details?

Friday's intrusion involved a different attack vector which wasnt through konsoleH. This intrusion was a sophisticated and complex attack, requiring a number of steps and interventions. The exploit vector wasnt discovered even by external security experts during our various penetration tests.

We would like to reassure you that your data security remains our top priority and that we take swift and decisive action to address threats whenever they are identified.

How did Hetzner discover this breach/suspicious activity?

On Friday, 5 October, our technical team uncovered suspicious activity on our network.

What exactly was the suspicious activity discovered?

For security reasons, this information will not be disclosed.How has this been fixed?Please be advised that we will not be able to provide specifics on this for security purposes. I am only able to confirm that the matter has been attended to and that information is once again secure.

How can customers protect themselves going forward?

This had been completely on our side, and there is nothing that our clients would have been able to do on their side in this regard.

We deeply regret this incident and would like to apologize for the concern this has created. We would like to reassure you that your data security remains our top priority and that we take swift and decisive action to address threats whenever they are identified.

We will always endeavour to be transparent in sharing incidents that affect our customers. Our intention is to be sincere in our communication with you. We would like to apologise if you feel that we haven't fully succeeded in our intention with this incident.


Cover image credit: Hetzner South Africa website.