DigitalOCean confirmed the data breach via an email to its customers confirming the exposure of billing details. The tech giant assured that the incident affected very few customers.
DigitalOcean Data Breach
Recently, TechCrunch has reported on a data breach affecting the cloud hosting provider DigitalOcean.
The news seemingly surfaced online after DigitalOcean sent emails to its customers informing them of the breach. One such customer has shared the email in a tweet.
Looks like @digitalocean had a nasty breach pic.twitter.com/l9e0cQhrlE
— tj – one terrifying conversation each week (@adventureloop) April 28, 2021
Though, it seems the firm is still in the process of notifying its customers since many users complained about not getting any intimation from DigitalOcean.
@digitalocean Why am I learning about your data beach through third party reporting and not a customer notification email? I expected better from you ?
— m0x (@m0xxz) April 28, 2021
? no email yet
— Gabriel Pepe (@gperezpepe) April 28, 2021
No email yet from @digitalocean on its customer payment info breach, but I had to kill that card a few weeks ago anyway due to online fraud.
— jenn (@jenn) April 28, 2021
As revealed, the firm suffered a security breach that it noticed on April 26, 2021. The attackers accessed the billing details of some customers by exploiting a bug between April 9 and 22, 2021.
Consequently, they could view users’ billing names, addresses, payment card expiration date, bank name, and last 4 digits of the cards.
Upon detecting the breach, the firm worked quickly to fix the vulnerability that triggered this incident. Due to this, the firm assured they had stopped the attackers’ access to user data. As the email stated:
To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occurring in the future.
While they haven’t disclosed the exact number of customers affected by the incident. Yet, TechCrunch, quoting DigitalOcean’s security chief Tyler Healy, reported that the breach affected less than 1% of their customers.
Additionally, the firm assured they have reported the matter to law enforcement authorities.
However, they haven’t specifically explained the nature of the bug and how they noticed and fixed it. Also, no other details are available at the time of writing this article.