Dark Mode Light Mode

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

DigitalOcean Accidentally Leaks Customer Data

DigitalOcean, a popular web-hosting platform, has started informing customers about a data leak that “unintentionally” exposed personally identifiable information online.

According to a notification sent to DigitalOcean users, the incident is linked to a 2018 company-owned document that was publicly available for viewing without requiring any authentication.

“This document contained your email address and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018,” the letter reads. An investigation by the provider’s security team found the internal document was “accessed at least 15 times” before it was taken down.

Advertisement

No official statement was released, but company officials have commented on the incident, saying that “there was no malicious access to that document” and “less than 1% of our customer base was impacted.” “The only PII included in the file was account name and email address,” the company added. “This was not related to a malicious act to access our systems.”

DigitalOcean takes full responsibility for the data leak, and promises to undergo extensive employee training for assuring customer data protection and preventing future incidents.

The notification letter also reassures users that “your Droplets and other systems you run on our platform have not been impacted by this mistake, we are committed to being transparent anytime we feel your data has been used in a way that does not align with our values.”

While there is no indication of foul play or a targeted attack, changing your account password and enabling two-factor authentication is never a bad idea. Companies should start focusing on protecting customer data, regardless of the type of information they handle. Even with limited information, bad actors can still formulate phishing campaigns to steal additional information or financial details.


This article originally appeared in SecurityBoulevard.

Author

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Add a comment Add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Post

Novantas Acquires Martech Platform Amplero

Next Post

Program offers college students access to free data science and machine learning classes

Advertisement

Subscribe to Customerland

Customer Enlightenment Delivered Directly to You.

    Get the latest insights, tips, and technologies to help you build and protect your customer estate.