Hetzner ZA (South Africa) was hacked!

mikewazar

@SplitIce said:
@mikewazar source?

It seems unlikely they would store their own customer db on the same shared hosting that they sell. Thats a beginners mistake.

I linked the source. As mentioned I didn’t say that their customer db was hosted on their shared environment, but rather that the db relating to their shared environment was breached.

This breach comes after Hetzner’s statement about the 70million record breach of South African citizens’ information, which was stored on a Hetzner server, not being Hetzner’s doings claiming that their services are securd... I guess someone took that as a challenge.

SplitIce

@mikewazar I can't see where it states that their shared hosting databases were compromised anywhere in that statement.

William

mikewazar said: It is, but it's not the same entity. Different management and staff.

Partially same owners ultimately. So absolutely not relevant outside of a legal perspective - Hetzner DE is not liable, but it is for all that matters the same company.

oneilonline said: The two Hetzners are not related. Different everything.

Pls get correct information.

Hetzner ZA is to Hetzner DE what OVH telecom is to OVH SARL. Not same entity, not entirely same owner set, but same key people.

AnthonySmith

William said: Hetzner ZA is to Hetzner DE what OVH telecom is to OVH SARL. Not same entity, not entirely same owner set, but same key people.

Using the same backend I would imagine.

Clouvider

@AnthonySmith said:

William said: Hetzner ZA is to Hetzner DE what OVH telecom is to OVH SARL. Not same entity, not entirely same owner set, but same key people.

Using the same backend I would imagine.

Possibly, potentially replicated and separated since the EU Customer Data couldn’t be easily hosted outside of EU for compliance

Falzo

@Clouvider said:

@AnthonySmith said:

William said: Hetzner ZA is to Hetzner DE what OVH telecom is to OVH SARL. Not same entity, not entirely same owner set, but same key people.

Using the same backend I would imagine.

Possibly, potentially replicated and separated since the EU Customer Data couldn’t be easily hosted outside of EU for compliance

I totally agree. Thinking about a connection of the databases or even servers those data is stored on makes me shudder...

as said above from the looks of it the german konsoleh is a newer version, so maybe the ZA entity was quite behind with updating/patching whatever. most likely they even need to pay for it.

Hetzner_OL

To answer your questions, the companies operate as separate legal entities: Hetzner (Pty) Ltd in South Africa and Hetzner Online GmbH in Germany.

Therefore, Hetzner (Pty) in South Africa has no access to any Hetzner Online GmbH customer information, and we at Hetzner Online are unaffected by the vulnerability.

Yes, both companies have interfaces that are called konsoleH, but we have been developing our versions separately. In addition, we at Hetzner Online do not store sensitive customer data, such as passwords and banking details, in plaintext form. Any additional questions you may have about this vulnerability are best directed at Hetzner (Pty) Ltd:
https://hetzner.co.za/news/konsoleh-database-compromise/
https://hetzner.co.za/news/konsoleh-database-compromise-faq/
--Katie, Marketing Hetzner Online (Germany)