

Hetzner.de compromised (German email) - Noxx
http://pastebin.com/YL9Gd4MR

======
dermatthias
Quick overview: They had a Nagios backdoor, which led to a leak of the
customer database of their dedicated server administration console (Hetzner
Robot).

They are not sure how it happened right now. External security experts are
involved.

The customer passwords are SHA256 hashed (thank god!).

---

This one is really serious. With access to this admin console, you can wipe
all dedicated servers with one single click. We advised Hetzner before to add
more security (two-way authentication, etc.) to the console, but I think not
much happened here...

------
lukashed
According to their FAQ (<http://wiki.hetzner.de/index.php/Security_Issue>)
direct debit data was probably also compromised.

