Will Hetzner's Security Breach cost them the SA Business Awards?

South Africa's tech industry was taken by surprise with a recent breach in Hetzner's security. Hetzner has a great track record (4.3 and a 5-star rating on Hello Peter & Google respectively) and is known for their excellent products and customer service, making it easy to see why they are the hosting company of choice for many South Africans. However, the public is not being very kind to the new of their security breach, being made public.

Details of the breach

On November 1, Hetzner pubically announced the details of their security breach via Twitter and both Emails and SMS communication was sent out directly to their customers. A SQL injection vulnerability was identified within konsoleH, which has now been corrected but not before sensitive customer information was compromised.

What information was exposed?

• Customer details (name, address, ID number (where applicable), telephone numbers and email addresses)
• Domain names
• FTP passwords
• Bank account details (cheque/savings).

NB: No credit card details are stored

Customers were advised to change all passwords for Email accounts, FTP access, databases and KonsoleH logins. Instructions can be found here.

What the internet has to say?

The trolls:

@HetznerNotices We are storing passwords in #cleartext to make customer support easier. #Hacker: "Thank you #Hetzner!" @troyhunt pic.twitter.com/lznY6Y99dD

— Gerd Naschenweng  (@gerdnaschenweng) November 3, 2017

Right.... serious question, which hosting provider would you choose to host a .CO.ZA domain? I need to move mine from #hetzner #hosting — Richard Thompson (@EkilErif) November 3, 2017

#Hetzner FTP password policy. Note the maximum length and "No symbols" parts. Stone age. pic.twitter.com/UQcanyT6oe

— Johan Meiring (@johanmeiring) November 2, 2017

Huge data breach of #Hetzner hosting, along with Dracore data being compromised, holy hell. "Hetzner - Trusted in Hosting" Apparently not! — Craig du Toit (@CraigduToit) November 2, 2017

Those who are a bit more sympathetic and appreciate the open communication:

You think #Hetzner was bad? @paradigmsol is also leaking everyone's data, and they don't even care. "Service - Insecure"

— Werner van Deventer (@brutaldev) November 3, 2017

I sympathiza with #Hetzner with this attack. Happy to know that this will result in increased security standards. — derekgardiner (@derekgardiner) November 2, 2017

What does this mean for their credibility?

The bulk of the public has jumped on the bandwagon of trashing Hetzner. Yes, they have compromised sensitive information but have also moved very fast with finding solutions to ensure this does not happen in future. The truth of the matter is that thousands of companies have been hacked before, compromising clients sensitive data but do not make this public knowledge. Hetzner at least had the balls to man-up and take the responsibility. They have always tried to keep an open book with their customers and are keeping to their word.

Will this compromise their stand at the SA Business awards?

On October 2017 SA Business awards announced Hetzner made it to the finals for the Innovation Through Technology award:

#Congratulations Finalist #Innovation through #Technology #Hetzner pic.twitter.com/rBjVAVuDH4

— SA Business Awards (@SABizAwards) October 16, 2017

Hetzner has also made it as a finalist in the Customer Focus category, along with the likes of big players such as Microsoft South Africa, Dell Computers and Oracle. The current standing with the public does not look good for Hetzner, only time will tell how this breach affects Hetzner's standing with South Africa.

Tell us what you think

We would love to hear your opinion on the matter, how has this breach affected your business? Comment below if you have a story to tell.

Tags: Hetzner, Hosting, News