Hetzner is a great host, make no mistake about that. Unfortunately in this day and age, no one is immune to a breach.
According to ITWeb, "Hetzner says it provides about 40 000 customers with Web hosting, self-managed servers, managed servers, co-location and custom hosting solutions."
Read the full Hetzner notice here.
So what does this mean for you as a subscriber?
The evil internet imps gained access to:
- Customer details (name, address, ID number (where applicable), telephone numbers and email addresses)
- Domain names
- FTP passwords
- Bank account details (cheque/savings). No credit card details are stored.
What can you do about it?
First, DON'T PANIC! You can circumvent issues by following a few simple steps:
- Run a security scan on your device (I recommend Kasersky Total Security)
- Log into the secure konsole.
- At the top right hand corner, select "Account Admin"
- On the left hand sidebar, select "Management Password"
- Enter your old password
- Specify new password (secure, min. 11 characters, alphanumeric, upper and lower case. Include symbols)
- Confirm new password
- At the top right, select "Hosting Services"
- Select the domain or service you are looking for
- Go down to "Mail" from the left hand sidebar
- Select "Manage Accounts" on left hand sidebar
- Click "edit" next to your email alias
- Under "password" add a new secure password
- Confirm new password
- On the left hand sidebar, click "Managed Services"
- Select "FTP Users"
- Select "edit"
- Change your password (or use the password generator)
- Still under "Managed Services"
- Select "Manage MySQL"
- Chose your database by clicking on it (most will only have one)
- Change the passwords
- Normal password
- R/W password (read write)
- R/O password (read only)
- Once done, you need to edit your wp-config file.
- Left hand sidebar, select "File Manager"
- Scroll down to the file named "WP-Config.php"
- Click on it once only
- On the right hand side, select "edit"
- Scroll down to "/** MySQL database password */"
- VERY CAREFULLY, between the single inverted commas, enter the new password you created in step 4. This is vital, but be extremely precise.
- Finally, log into your website and change all admin passwords. Remember that you need secure passwords. It's not optional, it's mandatory.
*Side note: If you are running your site on Wordpress, I strongly recommend downloading Word Fence and initating an urgent and immediate scan on your Wordpress environment.
Good luck and stay secure!