Due to devs mistake user data of the hosting platform Digital Ocean leaked
DigitalOcean is an American cloud infrastructure provider headquartered in New York City with data centers worldwide. DigitalOcean provides developers with cloud services that help to deploy and scale applications that run simultaneously on multiple computers. As of January 2018, DigitalOcean was the third-largest hosting company in the world in terms of web-facing computers
However, the company recently was hit with a concerning data leak incident that exposed some of its customers’ data to unknown and unauthorized third parties. Digital Ocean is yet to release a statement on it, but have warned affected customers about the leak via an email.
According to the email, the leak happened due to negligence where DigitalOcean ‘unintentionally’ left an internal document accessible to the Internet without requiring any password.
The Document included personally identifiable information such as customer email addresses and their respective Digital Ocean usernames, but also account technical details such as the number of droplets (servers) owned by the customer, the user’s bandwidth usage, support or sales communications notes, and the amount of money the customer paid during the calendar year 2018.
The Company said in a statement that the internal document was accessed at least 15 times while it was left available online. We did not see any unauthorized access to impacted customers’ servers as a result of this incident.
The document which was left online contained details for less than 1% of the company’s total customer base, the company added.
Below is a copy of the email sent by the company to its customers.
“Our community is built on trust, so we are taking steps to make sure this doesn’t happen again. We will be educating our employees on protecting customer data, establishing new procedures to alert us of potential exposures in a more timely manner, and making configuration changes to prevent future data exposure,” the company added.
This specific breach neither indicates the DigitalOcean website was compromised, nor the customers’ login credentials were leaked to the attackers. So, if you have an account with the hosting service, you don’t have to rush into changing your password. However, the service also offers two-factor authentication that every user must enable to add an extra layer of security to their accounts.