"Hacked" word on screen laptop display an alert when a man using it on wooden table with camera, clock, calculator and paper graph - hacking, alert and computer concept (Photo Credit: www.shutterstock.com)

Hetzner, which is based in Midrand in Johannesbur, advised its clients on Wednesday on its website that its konsoleH Database was compromised.

“We can confirm that a SQL injection vulnerability was identified within konsoleH, which has been corrected,” the company said.

“While your konsoleH Admin password has not been compromised, we have proactively updated your FTP password, which was exposed.”

It is imperative that you update all passwords associated with your Hetzner account immediately, including your konsoleH admin password.

The following details have been exposed:

  • Customer details (name, address, ID number (if provided), telephone numbers and email addresses)
  • Domain names
  • FTP passwords, and
  • Bank account details (cheque/savings). No credit card details are stored.

“We have external forensic investigators on site working round the clock with our team,” said Hetzner.

“We understand that this event has shaken your confidence in us. It is our earnest commitment to provide you with a hosting service you can trust.”


  1. Earnest commitment as stated above means taking security seriously. Eliminating SQL injection vulnerabilities are the bare bones basics of application security. Is this the first hack Hetzner is actually AWARE of, and how do we know there haven’t been more in the past?