Stadtwerke Detmold offline after IT incident
Stadtwerke Detmold has fallen victim to an IT attack. They are currently no longer reachable. The supply is said to be secured.
The website of Stadtwerke Detmold is currently adorned with a disruption notice.
(Image: Stadtwerke Detmold)
Stadtwerke Detmold has fallen victim to an IT attack. They have not been reachable since Monday -- neither by phone nor by email.
On the homepage of Stadtwerke Detmold, a banner greets visitors, stating: “Due to a large-scale IT outage, Stadtwerke Detmold is currently not reachable.” However, there is no information about what happened, what the concrete consequences are, or anything similar. The WDR reports that “supply security in the areas of drinking water, electricity, gas, and district heating continues to be guaranteed.”
However, website services cannot be used, for example, to submit meter readings. Nothing is going through by phone either -- the customer center is also not reachable, so the notice that customers can report via a hotline is at least misleading. Allegedly, the LKA has been informed and is investigating the matter. Whether customer data is affected is the subject of ongoing investigations.
Indications of active IT relics
With the database censys.io, which makes the results of internet scans publicly accessible, some systems of Stadtwerke Detmold can be found. Until Monday evening, for example, a system was accessible via HTTP on the internet, on which very old PHP scripts with timestamps from 2013 could be found. The PHP version is 5.4.36 -- well-aged from December 2014. The Debian kernel 3.2.65 can be attributed to the year 2015 -- the system standing on the internet also reported January 9, 2015, as the build date.
(Image:Â heise medien)
Two systems offered SMB services (Windows shares) on the internet. The Censys scan from November 16, 2025, found a share that returns a server start time dating back to April 2009. The target name “STWDT2003R2” at least evokes memories of Windows Server 2003 R2 -- together with the shown start time, this at least causes concern. On another system, a Synology NAS seemed to be accessible from the internet.
Videos by heise
These are exclusively indications found by the Censys search engine, which were freely accessible on the net. Internet access to some systems was only deactivated during Monday.
Stadtwerke Detmold is also currently unreachable for us -- after more than twelve hours of operation, emails with the error message “Host or domain name not found” are returned. No one can be reached by phone; the system hangs up immediately. Therefore, it is unclear whether the indications paint a false picture or whether, based on the findings, it is more of a miracle that something has not happened sooner.
Today, institutions are under “constant bombardment,” attacks are permanent. For example, the Miniatur-Wunderland in Hamburg had to admit last week that it was the target of an IT attack to have been. Credit card data of customers were stolen from the online shop system.
(dmk)
