Fri. Aug 14th, 2020

DigitalOcean accidentally exposed data such as account information of some customers

2 min read

DigitalOcean is a very well-known server provider in the world. The company mainly provides developers with services such as servers, object storage, and databases.

However, some developers have received emails from DigitalOcean. Due to the company’s careless operation, some customers’ account information and other data have been leaked.

Although the company has not yet issued an official statement, some users have shared email messages on Twitter. The leak only affected a small number of users of the company.

In the email, the company stated that after investigation, it was found that a document storing user information was accessed 15 times by unauthorized users due to a configuration error.

The information stored in the document mainly includes user name, email address, server bandwidth usage, customer service chat history, and payment bills for 2018.

On the basis of trust, the company decided to disclose the security incident to the affected users. At the same time, the company is also strengthening employee training to improve safety awareness.

The cause of the accident seems to be that its engineers had problems configuring certain document permissions on the internal server, which allowed external visitors to access without a password.

Although the number of times the document was accessed is very low, it may still cause user privacy leakage, so the company decided to disclose the accident to the affected users.

From the above information, we can see that the leak did not involve key user information, and data such as account passwords were not unauthorized access.

DigitalOcean did not disclose how many users were affected this time, but the company believes that users do not need to change their passwords or worry about the accident.

In addition, the company also emphasized that this issue does not involve the data stored by the customer on the server, and unauthorized users cannot access any customer’s server data.

Of course, based on security considerations, we also recommend that users configure multi-factor authentication so that even if the password is accidentally leaked or the password is stolen, there is no need to worry about account security.