In October 2011, unfortunately these links are in German only:

http://www.heise.de/security/meldung/Web-Hoster-Hetzner-geha...

http://www.heise.de/ix/meldung/Datenleck-bei-Hetzner-1356468...

http://www.heise.de/security/meldung/Passwortklau-bei-Hetzne...

There was unauthorized access to customer data, even passwords. Someone claims to have accessed it via an FTP-server where he found a root password to a management server

Thanks for posting the links, I've forgot to mention it in all my wisdom, duh..

Here is the (english) mail they sent to customers back in October 2011 on the previous intrusion:

http://pastebin.com/uJhG5aLS