Quick overview: They had a Nagios backdoor, which led to a leak of the customer database of their dedicated server administration console (Hetzner Robot).<p>They are not sure how it happened right now. External security experts are involved.<p>The customer passwords are SHA256 hashed (thank god!).<p>---<p>This one is really serious. With access to this admin console, you can wipe all dedicated servers with one single click. We advised Hetzner before to add more security (two-way authentication, etc.) to the console, but I think not much happened here...
According to their FAQ (<a href="http://wiki.hetzner.de/index.php/Security_Issue" rel="nofollow">http://wiki.hetzner.de/index.php/Security_Issue</a>) direct debit data was probably also compromised.