New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
My Hetzner accounts got hacked
I don't know how they did it. It's an auto-generated password from a password manager.
I have contacted support. While waiting for a reply, what immediate step should I take now?


Comments
Probably make sure your password manager or computer isn't compromised first bro.
Edit: And activate 2FA.
Probably used a week password. Reset your password and generate a stronger password.
Not really a weak password, because it's generated by the password manager: long, with lowercase, uppercase and symbols. Also, I can't reset the password because they changed the email.
Any idea how to recover my account besides waiting for Hetzner support? This is a freaking weekend.
Have you downloaded software recently?
Stop using password managers.
Most of the time it's from a compromised computer; they just need to steal your session cookie.
I haven't even logged in to Hetzner in the last 60 days. The cookie should have expired way before this case.
I always use winget to install software on my PC, and I mostly use WSL.
How come?
What about the email account you used with Hetzner?
A seatbelt failed in a crash!
Your solution: Stop using seatbelts
OP, either your computer or mobile or both are compromised.
I'll start with reinstalling os and flashing mobile.
Your seatbelt is your brain memory, not a password manager.
Memory is not a seatbelt. It's holding yourself in place with your arms during a crash.
Ah yes, I shall use the same password for every single website then!
Or are you expecting me to memorize 487 individual unique passwords?? 😱😱
You can reset passwords for websites.
Just make sure to have a mail account from a provider that won't go out. A free one from Google, MS or Yahoo.
Or your own domain name that comes with free email hosting, like Dynadot.
Maybe a month password as well?
Found the hacker!
It’s still just a mere password. Even if you use a password manager with complex combinations, it only makes "guessing" harder for attackers. That’s why you should enable an additional layer of security, such as 2FA.
You sure you didn't click on a link in any of those phishing mails? I get them regularly, specifically targeted towards my Hetzner account.
Or you shared your PC with someone.
✅ Generate a complex password that is impossible to remember.
✅ Store it securely with a password manager.
✅ Copy/paste the password each time without clearing your clipboard history.
✅ Get fooled by a ClickFix CAPTCHA on a Linux ISO website that uploads your clipboard history to a smart guy’s $7/year VPS.
✅ Blame the provider for being hacked.
Why work hard as a hacker when your "clients" do it for you?
And blame somebody else.
I can't believe people still fall for those kinds of scams in the big 2025.
Wankers don’t read or think before clicking pop-ups on niche porn sites.
What I can't believe is in 2025 there are still people who think passwords alone are enough and don't set up 2FA when it's available. That's just a bold move.
You don't need to know how they do it, because there are so many ways.
You just need to know how to prevent it; the answer is 2FA.
2FA cannot help if the customer's device is compromised.
If customer's device is compromised, Hetzner will be the least of their concerns.
Sure, Hetzner has nothing to do with TS claims.
There's nothing wrong with passwords. How will someone break a long, randomly generated password?
2FA just annoys users who generate passwords like that or even worse makes the whole system less secure.
2FA is not a replacement for bad passwords and will not help much with passwords like: 123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111, 1234567890. Those are the 10 most common passwords in 2025, imagine that.
It's not a replacement. It's meant to add another layer of security. Even with weak passwords it can still help secure the account.
In this case, if 2FA had been enabled, I believe the OP wouldn't be in this situation and we likely wouldn't be having this discussion.