Digital Ocean, a US-based cloud infrastructure provider, revealed a data breach that led to the exposure of some of their Customer’s billing and payment card information. Scary enough? Yes, it is!!
When did the DigitalOcean Security Breach happen?
According to the email sent out by digital Ocean, it seems that the breach happened between April 9th, 2021, and April 22nd, 2021. Here Digital Ocean accepts a “Flaw” that allowed this unauthorized user access to the Customer’s billing information.
Email sent to Digital Ocean’s customers:
“An unauthorized user gained access to some of your billing account details through a flaw that has been fixed. This exposure impacted a small percentage of our customers,” – Email that is sent to customers! A snap of the same below:
What is the exposed information?
The exposed/breached information includes a customer’s billing name, billing address, payment card expiration, last four digits of credit card, and the payment card’s bank name, the basic information needed for the payment.
But, luckily, DigitalOcean states that they have fixed the flaw and disclosed the breach to data protection authorities though it is not clear what agencies were notified. Also, The company said that customers’ DigitalOcean accounts were “not accessed,” and passwords and account tokens were “not involved” in this breach.
The email also says, “To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occurring [sic] in the future,” In a statement, DigitalOcean’s security chief Tyler Healy said 1% of billing profiles were affected by the breach. Here, the companies with customers in Europe are subject to GDPR and can face fines of up to 4% of their global annual revenue.