Partial credit card information might have been compromised

Jun 7, 2013 13:19 GMT  ·  By

Germany-based web hosting provider Hetzner has started notifying customers that their data might have been compromised. Last week, the company discovered a previously unknown piece of malware in its internal monitoring systems.

According to company founder Martin Hetzner, the backdoor they’ve discovered is difficult to analyze.

“To our knowledge, the malicious program that we have discovered is as yet unknown and has never appeared before,” Hetzner wrote in a notification sent to customers.

“The malicious code used in the 'backdoor' exclusively infects the RAM. First analysis suggests that the malicious code directly infiltrates running Apache and sshd processes. Here, the infection neither modifies the binaries of the service which has been compromised, nor does it restart the service which has been affected.”

The hosting provider has determined that the Robot, or the administration interface for dedicated root servers, has also been compromised, allowing the attackers to copy “fragments” of their customer database.

Hetzner says that passwords are hashed (SHA256) and salted, but the company still recommends users to change their passphrases as a precaution.

Fortunately, complete credit card data is stored only on the systems of Hetzner’s payment service provider. However, the hosting firm also stores some partial credit card data, including last three digits of card number, card type and expiration date.

Hetzner has told heisse Security that they haven’t determined precisely how many users are impacted by the incident.

The company has called in an external security company to investigate the breach. In addition, the incident has been reported to the German federal police (BKA), and the data security authority.

“Hetzner technicians are permanently working on localising and preventing possible security vulnerabilities as well as ensuring that our systems and infrastructure are kept as safe as possible. Data security is a very high priority for us,” Hetzner said.