DigitalOcean clients username and email accounts leaked, users must change their password

According to cybersecurity specialists, DigitalOcean, one of today’s largest web hosting platforms, recently became the victim of a data breach incident in which some of its customers’ data was exposed, leaving it available to unauthorized third parties.

Company officials have not yet made a public opinion on the matter, although they have already begun to notify affected users directly via email. According to notification received by users, the data breach occurred due to an error of DigitalOcean staff, which left an internal document exposed on the Internet without passwords.

The document displayed contained the email address and/or name of the registered account, as well as some data about the user’s account, including bandwidth usage, support notes or sales communication, as well as the amount paid by users during previous years. After detecting the incident, the company revealed that unauthorized third parties had accessed the exposed file containing customer data at least 15 times before the document was finally deleted.

“We discovered one of our publicly exposed documents. While we are confident that no one has improperly accessed this information, we would like to notify you of the incident directly. Less than 1% of all our customers have been affected, and the only personally identifiable information exposed is the name and email address of those affected.”

“We are taking steps to make sure this doesn’t happen again. We will educate our employees about protecting our customers’ data, establishing new procedures for detecting potential security incidents in a timelier manner, and implementing configuration changes to avoid exposing other data,” the company’s alert says.

It is worth noting that this data breach does not imply that the DigitalOcean website was compromised by threat actors or that the login credentials have been stolen. Users do not require additional actions, as their account data is properly protected. However, users concerned about the security of their information can reset their password, or enable two-factor authentication.

Several members of the cybersecurity community have tried to contact DigitalOcean, who claims that a spokesperson will provide some statements shortly. However, experts anticipate that the company representative will only speak to confirm that the incident has been neglected, so it is not technically accurate to talk about malicious activity on DigitalOcean’s networks.