Cloud infrastructure provider DigitalOcean has reported a data breach. A hacker has accessed customer data and billing information.
TechCrunch reports this based on an email DigitalOcean sent to its customers. In it, Digital Ocean says that between 9 and 22 April, someone accessed its database and was able to look at the customer data of “a small percentage” of its customers.
The hacker managed to get in via an undisclosed security flaw, which DigitalOcean says has since been closed. There he had access to the user names, billing addresses, credit card expiry dates, the last four digits of the credit cards and the names of the customers’ banks. DigitalOcean does not store the full credit card numbers. The accounts themselves, including the passwords, are unaffected.
Additional security measures
In addition to fixing the vulnerability, DigitalOcean says it has added additional security controls to user accounts. The company also promises to further expand its security measures to prevent such situations from happening again in the future. Relevant privacy authorities have also been notified of the data breach.
Little detail given
TechCrunch has contacted DigitalOcean for more information, but the company only responds that just 1 percent of customer data was leaked. How many customers the cloud provider has in total is not known. The company does not respond to specific questions about how the leak was discovered or which authorities it notified.
Involvement in previous breach
In 2019, a data leak occurred at the Wifi Finder app for Android. A database containing over two million network passwords was poorly secured and allowed the passwords stored in plaintext to be downloaded in bulk. The app developers could not be reached at the time, but DigitalOcean, which hosted the database, quickly took it offline. In this case, the blame for the data leak probably lay not with DigitalOcean, but with the app developer.