The web hosting service Hedtzner has fallen victim to an attack and the hackers have apparently managed to harvest customer data. The hackers not only got access to password hashes, but also customers payment information. A previously unknown rootkit was responsible for the attack.

Hetzner sent it customers an email stating that unknown intruders had compromised several of Hetzners systems. It first found a backdoor on one of its Nagios servers. Further investigation revealed that their Robot management interface for dedicated servers had also been compromised. The intruders were able to access customers data.

Payment info, such as banking details for customers using direct debit, was accessed. This data is encrypted asymmetrically, but Hetzner couldn't guarantee that the private crypto keys, required for decryption, were not copied as well. The attackers were also able to access customers' credit card data (the last three digits of credit card numbers, the expiry date and the card type) as well as salted SHA256 password hashes.