A recent incident involving Hetzner, a well-known European cloud hosting provider, and Kiwix, a non-profit organization dedicated to offline access to Wikipedia, has brought to light critical considerations regarding cloud service reliability and data security. On December 1st, 2024, Hetzner terminated Kiwix’s account without warning, resulting in the deletion of all associated servers and data. This action, coupled with alleged communication failures, has sparked debate within the cloud computing community.
The founder of Kiwix recounted the event on Mastodon: “So last week (on Sunday 1 December at 00:00), our server host canceled its service without warning.”
Kiwix, reliant on Hetzner’s infrastructure for several years, experienced a complete service outage when their servers became inaccessible. The organization’s engineers were unable to diagnose the problem remotely, and users reported widespread service disruptions. Upon attempting to access the Hetzner control panel, Kiwix discovered the account termination and the full extent of the data loss.
Hetzner’s justification for the account termination remains unclear. While citing a violation of their terms of service, the company has not provided specific details regarding the alleged infraction. Furthermore, Hetzner maintains that advance notifications were sent, a claim disputed by Kiwix, who assert they received no such communication.
Adding to the controversy, Hetzner’s response to Kiwix’s request for a copy of the alleged notification email was a curt refusal, further eroding trust and raising questions about their customer service practices. This lack of transparency has fueled concerns about the provider’s accountability and commitment to customer support, particularly in critical incidents.
Despite the severity of the incident, Kiwix was able to mitigate the impact due to their robust data backup strategy. The organization had maintained comprehensive backups of their critical data, enabling them to swiftly migrate to an alternative provider and restore services within 48 hours.
The Hetzner-Kiwix incident serves as a timely reminder of the shared responsibility model inherent in cloud computing. While providers are responsible for maintaining infrastructure and ensuring service availability, users must also take proactive steps to protect their data and ensure business continuity.
