DigitalOcean leaks: How severe was the exposure?

May 17, 2020
digital ocean data leak incident compromised data

One of the biggest web hosting platforms, DigitalOcean, has reportedly suffered a data leak incident that exposed some of their customer’s data.

The data leak was reportedly occurred due to an Internal document of DigitalOcean that was inadvertently left accessible online. It was reported that an employee had accidentally made the Internal document available online through a public link. DigitalOcean has not publicly made an official statement or press release about the leak but instead started notifying its customers regarding the said breach via email.

Below is the email that the web hosting giant sent out to its customers:

 

digitalocean leaks data exposure image

 

The document has reportedly included personally identifiable information such as email addresses and Digital Ocean Usernames. It also included some technical account information such as the number of servers owned by the customers, support or sales communication notes, bandwidth usage, and the total amount of money customers paid during the year 2018.

 

What does Digital Ocean has to say?

The DigitalOcean admitted that unauthorized third parties accessed the leaked Internal document by at least 15 times before it was taken down. Still, no abnormal activities were reported on the leaked account as a result of the breach.

DigitalOcean revealed that the file only contains less than 1% of their total customer base.

As per Digital Ocean, they will ensure that the said leak will not happen again. This specific breach indicates that Digital Ocean’s website was not in any way compromised not customer’s login credentials were leaked to attackers.

“We had a document that was discovered to be shared publicly, and while we feel confident there was no malicious access to that document, we informed our customers regardless of transparency.” added by DigitalOcean.

The hosting giant uses an extra level of security to their customers via 2FA (two-factor Authentication). Every DigitalOcean customers must start considering using this other layer of authentication to provide additional protection in their account.

Every data breach massive or not must always be approached with conscientiousness because this can be a starting point for being a victim of a social engineering scheme leading to phishing attacks and other abuse in the future.

iZOOlogic’s Dark Web Monitoring seamlessly integrates into the Data Loss Recovery and Incident Response channel to provide a comprehensive identification of compromised assets and fraud mitigations.

About the author

Leave a Reply