
Several events with Linode, now Hetzner. These are relatively "premier," high-quality hosting companies; you can count on thousands and thousands of companies to pay even less attention.

Yet every time, the discussion is only about one specific company, without seeing any broader pattern.

When are we ever going to draw the conclusion that popular hosting companies (and, actually related, facilities like RubyGems) are especially attractive targets, and that the approach of waiting for an exploit and then shaming the targeted company is not an effective way of getting better security?



They are of good quality, but let's keep in mind that Hetzner tends to be solidly on the budget side. I am a Hetzner customer, and it stinks that this happened, but let's consider: I don't expect Bugatti quality when I'm paying for a Chevy Malibu.

I do appreciate them being forthcoming and sharing some security details that do make me feel pretty safe. I don't care if they have the last few digits of my CC number, and I've already reset my password. Stinks I had to even think about this, but again, Chevy Malibu.


Assuming that the exploit really is unknown, what better security could they have done to prevent it, without severely impacting usability?

Compromises will happen sooner or later when running a large number of public-facing services. With good policy, the breaches will be well contained, which seems to be the case here. What more can be expected out of a premier hosting company, let alone Hetzner, which is a very cheap budget provider?


Apply Occam's Razor. The simplest speculation is an internal breach. All the procedure in the world won't save you from that.


Is it just the customer account details that apparently make hosting companies attractive targets? If that's the case, I'm wondering why we're not seeing more breaches from all over the e-commerce world. Why just hosting companies?


Maybe the hosting companies are simply more likely to detect a breach. Not a happy thought, I know.


And more likely to disclose it perhaps?

There are a lot of breaches that you will never hear about because they go undetected or undisclosed.



