After Godaddy, A cloud server hosting company Digital Ocean internal data leaked due to security lapse and exposes to the public domain.
In the E-mail, Digital Ocean send to its customers said,
“We learned that a DigitalOcean-owned document from 2018 was unintentionally made available via a public link. This document contained your email address and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018. After a detailed review by our security team we identified it was accessed at least 15 times before the document was taken down.”
Now DigitalOcean want to Educate their Employees.
They said, we will be education our employees on protection customer data, establishing new procedures to alert us of potential exposures in a more timely manner, and making configuration changes to prevent future data exposure.
A spokesperson for the company confirmed The Hacker News of the incident and shared a statement:
“We had a document that was discovered to be shared publicly and while we feel confident there was no malicious access to that document, we informed our customers regardless for transparency. Less than 1% of our customer base was impacted, and the only PII included in the file was account name and email address.
“This was not related to a malicious act to access our systems. Our customers trust us with their data and we believe that an unintended use of that data, no matter how small, is reason enough to be transparent.”
The leak does not affect Digital Ocean customer’s login credentials and its website. If you are using the Digital Ocean server, then you can change your password and enable two-factor authentication.