Posted on November 4, 2017 at 10:18 AM
Hackers managed to infiltrate the web host provider, Hetnzer, which exposed thousands of their customers.
South Africa’s biggest data hub and web host service provider, Hetnzer Ltd. Confirmed earlier this week that their database has been compromised by malicious attackers.
Th company, with headquarters in Johannesburg, confirmed the hack this past Wednesday during a statement. The company stated that hackers managed to infiltrate their client portal, konsoleH. During their statement, the company stated that they assume that all their client data has been exposed.
According to Hetzner, the threat actor managed to infiltrate the client portal by using an SQL injection vulnerability in the firm’s database.
In their statement, the firm stated that they have no method of knowing how the vulnerable data might be used.
While the company confirmed that all konsoleH login credentials are encrypted, the system had proactively updated all FTP passwords, as these were in plain text.
To rectify this latest concern, the company stated on their website FAQ page, that they intend to delete all plain text passwords on their database. In addition, the company will only store encrypted passwords in the future.
According to Hetzner, exposed information could possibly include all relevant client information, including domain names, FTP passwords, and certain financial details. However, the company stated that credit cards details were not exposed.
The company has reached out to their clients and suggested that they immediately change their passwords.
While the company has not confirmed exactly how many clients were affected, they did state that both previous and current clients were affected. According to the Hetzner website, the company provides website hosting services to over 40 000 clients.
According to the company, all individuals and companies affected would not be compensated for the cyber attack. Since the investigation has just commenced, the company cannot yet confirm the true scale of the attack.
On their FAQ page, the company states that any entity can fall victim to attack and that no security measures are ever truly immune to truly motivated hackers.
In addition, Hetnzer also confirmed their dedication to rectifying the latest security concerns and providing security support to all their clients.
The company has also hired a team of forensic investigators in order to review the attack and to address the exploited security defenses.
South Africa has become the target of many high-profile cyber attacks as of late. In October, a large database, named “Master_Deeds” was leaked and left exposed on the internet which revealed sensitive information of millions of South Africans.
While Hetzner has confirmed that these attacks are not related, they did state that the Master_Deeds leaks were stored on a self-managed server that was used by one of their clients.
The company continued to explain that the responsibility of the files and the data breach itself rested fully on the client and that Hetzner could only unknowingly leased the hardware. The company emphasized that they had no way of accessing the files that were stored on the hardware.
The data breach included highly sensitive information on millions of South Africans, including ID numbers, gender, employment and income details, names, marital status, and home ownership status.
According to the security expert, Troy hunt, the database consisted of over 60 million records. The data breach included files of individuals both alive and dead, as the current population only stands at 56 million. The breach was discovered by Tefo Mohapi from iAfrikan.