DigitalOcean Data Breach
DigitalOcean is one of the largest cloud infrastructure providers that helps millions of developers to build and run their apps from cloud storage. Yesterday, the company started informing its customers through an email about a data breach that happened this month. TechCrunch saw the breach as an “unauthorized exposure of details associated with the billing profile” of customers’ DigitalOcean account. The unauthorized access was made possible through a flaw that the DigitalOcean didn’t explain in detail but said it’d patched. Yet, the details were left open for about two weeks, from April 9 and April 22. Impacted details include the customers’ billing names, residential addresses, last four digits of the payment card, expiry date, and issuer bank’s name. Several customers impacted in this breach constitute about 1% of total users, says DigitalOcean, and assured that no account data or passwords are involved. Still, as a matter of security, it is said to have “implemented additional security monitoring on your (customers’) account” and expanding their “security measures to reduce the likelihood of this kind of flaw occurring [sic] in the future.” Finally, it claims to have informed the authorities about this incident but didn’t mentioned which.
