Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

DigitalOcean Inadvertently Exposed Customer Data

Cloud infrastructure provider DigitalOcean is informing customers that it inadvertently exposed some of their data to the Internet.

Headquartered in New York City, the company provides cloud services to developers looking to deploy and scale applications running on multiple systems.

Cloud infrastructure provider DigitalOcean is informing customers that it inadvertently exposed some of their data to the Internet.

Headquartered in New York City, the company provides cloud services to developers looking to deploy and scale applications running on multiple systems.

Last week, the company started alerting customers that some of their data might have been accessed by third-parties after a document from 2018 was unintentionally made available via a public link.

“This document contained your email address and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018,” a copy of the notification that was shared online reads.

The email alert also informed customers that the document had been accessed at least 15 times before the leak was noticed and plugged.

Responding to an email inquiry from SecurityWeek, the company said it feels “confident there was no malicious access to that document,” but that it decided to inform customers anyway, for transparency.

DigitalOcean also revealed that less than 1% of its customer base was impacted by the incident, and that account name and email address represented the only personally identifiable information (PII) included in the exposed file.

Advertisement. Scroll to continue reading.

“This was not related to a malicious act to access our systems. Our customers trust us with their data and we believe that an unintended use of that data, no matter how small, is reason enough to be transparent,” a company spokesperson said.

Replying to a comment to the publicly shared emailed notification, a DigitalOcean employee revealed that customers receiving the alert could learn specific details on the amount of information that was exposed for them by replying to the notification itself.

Related: DigitalOcean Warns of Vulnerability Affecting Cloud Users

Related: GE Says Some Employees Hit by Data Breach at Canon

Related: Data Breach Hits 22 Million Web.com, Register.com, Network Solutions Accounts

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.