Hetzner South Africa CEO Hans Wencke has apologised to customers affected by the data breach on the company’s systems this week, saying it is “deeply distressed” by the incident.
On Wednesday, the data centre operator and website hosting service revealed that it had been hacked, advising clients to change their passwords immediately.
It had become aware of “unauthorised” access to its konsoleH control panel database during the day on Wednesday. “We can confirm that a SQL injection vulnerability was identified within konsoleH, which has been corrected,” it said. “We shut down access to konsoleH during the course of the day while investigations proceeded.”
In a letter to customers on Friday morning, Wencke said: “I would like to personally assure you that we have addressed the breach and are working around the clock to identify other similar vulnerabilities.
“Due to the breach, we must unfortunately assume that our customers’ data has been compromised. While we are able to see where and how the data was accessed, there is no way for us to determine how the exposed data will be used.”
Hetzner has come under fire for storing users’ passwords in plain text. Wencke has now admitted that this was an error of judgment. He said it was done so its support team could assist customers by having this information on hand.
‘We were wrong’
“We believed that the security measures we put in place were adequate to protect these passwords. We were wrong,” he said in the letter. “We are making the necessary changes that will allow us to delete all plain-text versions of FTP and database passwords.”
He vowed not to let the breach “define us as a company”.
“We have always prided ourselves on being trusted in hosting. We understand that we have let you down. Trust is built one step at a time: with every customer conversation, every decision, every system update, every security patch, every effort we put into ensuring the stability and scalability of our platform… We will work to regain your confidence.” — (c) 2017 NewsCentral Media