Quick overview: They had a Nagios backdoor, which led to a leak of the customer database of their dedicated server administration console (Hetzner Robot).
They are not sure how it happened right now. External security experts are involved.
The customer passwords are SHA256 hashed (thank god!).
---
This one is really serious. With access to this admin console, you can wipe all dedicated servers with one single click. We advised Hetzner before to add more security (two-way authentication, etc.) to the console, but I think not much happened here...