DigitalOcean Data Breach Exposes Customer Billing Data
Cloud hosting provider DigitalOcean has emailed customers warning of a data breach involving customers’ billing data.
The cloud infrastructure giant told customers in an email on Wednesday that it has “confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account.” The company said the person “gained access to some of your billing account details through a flaw that has been fixed” over a two-week window between April 9 and April 2
The email states that the exposed information includes a customer’s billing name, billing address, payment card expiration, last four digits of credit card, and the payment card’s bank name.
— tj – one terrifying conversation each week (@adventureloop) April 28, 2021
The company said that customers’ DigitalOcean accounts were “not accessed,” and passwords and account tokens were “not involved” in this breach.
“To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occuring [sic] in the future,” the email said.
In a statement, DigitalOcean’s security chief Tyler Healy said 1% of billing profiles were affected by the breach, but declined to address our specific questions, including how the vulnerability was discovered and which authorities have been informed.