recently hit with a concerning data leak incident that exposed some
of its customers’ data to unknown and unauthorized third parties.
Though the hosting company has not yet publicly released a
statement, it has started warning affected customers of the
scope of the breach via email.
According to the breach notification email that affected
customers [1, 2] received, the data leak happened due to
negligence where DigitalOcean ‘unintentionally’ left an internal
document accessible to the Internet without requiring any
password.
“This document contained your email address and/or account name
(the name you gave your account at sign-up) as well as some data
about your account that may have included Droplet count, bandwidth
usage, some support or sales communications notes, and the amount
you paid during 2018,” the company said in the warning email.
exposed file containing customers’ data was accessed by
unauthorized third parties at least 15 times before the document
was finally taken down.
“Our community is built on trust, so we are taking steps to make
sure this doesn’t happen again. We will be educating our employees
on protecting customer data, establishing new procedures to alert
us of potential exposures in a more timely manner, and making
configuration changes to prevent future data exposure,” the company
added.
Note that this specific breach does not indicate that the
DigitalOcean website was compromised, nor that customers’ login
credentials were leaked to the attackers.
So, if you have an account with the hosting service, you don’t
have to rush into changing your password. However, the service also
offers two-factor authentication that every user must enable to add
an extra layer of security to their accounts.
The Hacker News has reached out to DigitalOcean for a
comment, and the story will be updated with the response.