Data Breach Affecting DigitalOcean Exposes Customer Billing Information
The Cloud Hosting Provider Has Disclosed a Data Breach After a Flaw Exposed Customers’ Billing Information.
DigitalOcean recently sent an email to the affected customers in which it states that a data breach allowed an unauthorized user to access customers’ billing details between the 9th and 22nd of April 2021.
In a statement, DigitalOcean’s security chief Tyler Healy said 1% of billing profiles were affected by the breach, but declined to address any specific questions, including how the vulnerability was discovered and which authorities have been informed.
“An unauthorized user gained access to some of your billing account details through a flaw that has been fixed. This exposure impacted a small percentage of our customers,” reads the email sent to customers.
The email said customer billing names and addresses were accessed, as well as the last four digits of the payment card, its expiry date, and the name of the card-issuing bank.
The company said that the accounts belonging to DigitalOcean customers’ were “not accessed,” and that passwords and account tokens were “not involved” in this breach.
To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occuring [sic] in the future.
In the email is stated that the exposed information includes a customer’s billing name, billing address, payment card expiration, last four digits of credit card, and the payment card’s bank name.
DigitalOcean declared they have fixed the flaw and also disclosed the breach to data protection authorities, but at this time it remains unclear what agencies were notified.
Heimdal® Threat Prevention - Network
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
This is not the first data breach that DigitalOcean suffers, with a data breach taking place just last year, during which they made public a document containing information about customer’s accounts available.