'Explosive time' in SA for cybercrime after Hetzner breach


Johannesburg - With a new breach at web hosting company Hetzner leaking users’ private information, identity security experts say it is an "explosive time" for South African cybercrime. 

On Wednesday, Hetzner South Africa was hacked, exposing customers' banking information (not including credit cards), domain names and back-end logins to websites.

This has left customers vulnerable to hackers who could now control the websites of customers. 

Brennan Wright, Head of Marketing at ThisIsMe, an identity management and protection services solutions company, told Fin24 that the severity and impact of the breach could not be determined as yet. 

“We treat a breach like this one as big as we treated the recent deeds breach which was the most massive leak in South Africa,” Wright said. 

In a statement on its website, Hetzner said that it had become aware of unauthorised access to its konsoleH Control Panel database on Wednesday.

"We can confirm that a SQL (Structured Query Language) injection vulnerability was identified within konsoleH, which has been corrected. We shut down access to konsoleH during the course of the day while investigations proceeded," the company said in a statement.

While konsoleH Admin passwords have not been compromised, Hetzner said that it had updated all passwords, which were exposed.

"It is imperative that customers update all passwords associated with your Hetzner account immediately, including konsoleH admin passwords," said Hetzner, which can be done here.

The Hetzner breach comes just weeks after a massive deeds data breach leaked the information of 60 million South Africans online. This breach is being investigated by the Hawks.

Troy Hunt, founder of the free service Have I Been Pwned, which aggregates information on data breaches and initially revealed the SA data breach, said previously that the leaked deeds database contained the names, genders, ethnicities, home ownership and contact information of millions of South Africans.

Wright said that South Africa is one of the top three worst cybercrime victims in the world. “It is an explosive time in SA for cybercrime. People need to become aware and protect themselves,” he said.

The following list is based, in part, on identity management service company ThisIsMe’s guidelines to protect users from experiencing losses as a result of accounts being hacked:

Step 1 - Investigate the impact

The first step is to investigate whether your profile has been affected. A number of online sites let users gauge the extent to which their personally identifiable information, or PII, has been exposed.

Be careful to verify the legitimacy of the site where you are checking your info - while some are legitimate, others will harvest any information you put in. Don't give any of them your passwords.

If you have used Hetzner, view their guidelines on what to do here. Users can also have a look at ThisIsMe's platform. Compromised email addresses can also be found at Have I Been Pwned, the website set up by security researcher Hunt.

Step 2 - Set up alerts

The next best step is to build your awareness through setting up alerts that notify you of any changes on your customer profile. Being aware of the attempts to access your credit status and to set up new lines of credit will allow you to stop fraudsters in their tracks.

Step 3 - Shut down access - part 1

Take the time to immediately shut out attempts at logging into your accounts. You can do this by changing all of your usernames, passwords and security questions - including those linked to your social media accounts and especially those accounts linked to your financial transactions.

Users can also enable two-factor authentication for email and social media sites. The Electronic Frontier Foundation, for one, recommends enabling it for an extra layer of security. In addition to a password, to sign in you will need an "extra" verification, like a unique code sent to your smartphone. 

Step 4 - Shut down access - part 2

Once you’ve changed your account data, you should then move on to making contact with all of the relevant institutions handling your sensitive PII.

Contact your credit providers, your medical aid, your doctor's office and your educational institutions, and instruct them not to take any action on your account unless they’re dealing with you in person, or via a live video chat (if they’ve got a recent photograph of you on hand).

This may seem extreme, but it is an important step in dissuading and blocking would-be identity thieves.

Step 5 - Engage with institutions

As a final step, you can engage with the institutions charged with protecting your PII.

By making yourself heard and by ensuring accountability, you can make a meaningful contribution to building the necessary safeguards that we need from these institutions.

Your awareness and your voice, when considered as a collective, will go a long way to preventing massive data breaches like this from happening again.

In addition, always keep antivirus software up to date, and download the latest updates for your operating system. 
