Web Hosting Provider Hacked

Monday, June 10, 2013 @ 06:06 PM gHale


Hacked.

That is what German-based web hosting provider Hetzner told its customers after discovering an unknown piece of malware in its internal monitoring systems.

The backdoor the company discovered is difficult to analyze, said company founder Martin Hetzner.

“To our knowledge, the malicious program that we have discovered is as yet unknown and has never appeared before,” Hetzner wrote in a note to the company’s customers.

“The malicious code used in the ‘backdoor’ exclusively infects the RAM. First analysis suggests that the malicious code directly infiltrates running Apache and sshd processes. Here, the infection neither modifies the binaries of the service which has been compromised, nor does it restart the service which has been affected.”

The hosting provider has determined that Robot, the administration interface for dedicated root servers, has also been compromised, allowing the attackers to copy “fragments” of its customer database.

Hetzner said it hashes (SHA256) and salts passwords, but the company still recommends that users change their passphrases as a precaution.

Complete credit card data is stored only on the systems of Hetzner’s payment service provider. However, the hosting firm also stores some partial credit card data, including the last three digits of the card number, the card type and the expiration date.

Hetzner said it has not determined precisely how many users are affected by this incident.

The company called in an external security company to investigate the breach. In addition, the incident has been reported to the German federal police (BKA) and the data security authority.

“Hetzner technicians are permanently working on localizing and preventing possible security vulnerabilities as well as ensuring that our systems and infrastructure are kept as safe as possible. Data security is a very high priority for us,” Hetzner said.


