BreachExchange mailing list archives

Hetzner Security Breach Exposes Customer Passwords, Payment Information


From: Erica Absetz <erica () riskbasedsecurity com>
Date: Sun, 9 Jun 2013 13:21:51 -0500

http://www.thewhir.com/web-hosting-news/hetzner-security-breach-exposes-customer-passwords-payment-information

German web hosting provider Hetzner Online AG discovered a backdoor on
its Nagios monitoring servers last week, and emailed customers on
Thursday to let them know that password hashes and payment information
were compromised.

According to a report by H-Online, founder Martin Hetzner says it’s
not clear at this time how many customers have been impacted by the
breach, which also included the compromise of its Robot management
interface for dedicated servers and the customer payment data stored
there, including credit card numbers, the expiry date, card type and
the last three digits of credit card numbers.

The attackers were able to copy salted SHA256 password hashes, and
Hetzner says that while the data is encrypted asymmetrically, it is
still possible that the private crypto keys required for decryption
were copied as well.

Hetzner says attackers were unusually sophisticated, using a
previously unknown rootkit that didn’t touch any hard disk files. It
patches processes already running on the system and injects malicious
code directly into the target process image, Martin Hetzner tells
The-H.

The rootkit manipulated the OpenSSH daemon and Apache in RAM, and
could also manipulate ProFTPD. The manipulation was carried out
exclusively in RAM, according to the report.

The German Federal Criminal Police Office is currently investigating the attack.

Earlier this year, Hetzner began offering colocation services at its
Nuremberg and Falkenstein/Vogtland data centers in Germany.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss
