[BreachExchange] DigitalOcean says customer billing data accessed in data breach

Destry Winant destry at riskbasedsecurity.com
Thu Apr 29 10:26:31 EDT 2021


https://techcrunch.com/2021/04/28/digitalocean-customer-billing-data-breach/

DigitalOcean has emailed customers warning of a data breach involving
customers’ billing data, TechCrunch has learned.

The cloud infrastructure giant told customers in an email on Wednesday,
obtained by TechCrunch, that it has “confirmed an unauthorized exposure of
details associated with the billing profile on your DigitalOcean account.”
The company said the person “gained access to some of your billing account
details through a flaw that has been fixed” over a two-week window between
April 9 and April 22.

The email said customer billing names and addresses were accessed, as well
as the last four digits of the payment card, its expiry date and the name
of the card-issuing bank. The company said that customers’ DigitalOcean
accounts were “not accessed,” and passwords and account tokens were “not
involved” in this breach.

“To be extra careful, we have implemented additional security monitoring on
your account. We are expanding our security measures to reduce the
likelihood of this kind of flaw occuring [sic] in the future,” the email
said.

DigitalOcean said it fixed the flaw and notified data protection
authorities, but it’s not clear what the apparent flaw was that put
customer billing information at risk.

In a statement, DigitalOcean’s security chief Tyler Healy said 1% of
billing profiles were affected by the breach, but declined to address our
specific questions, including how the vulnerability was discovered and
which authorities have been informed.

Companies with customers in Europe are subject to GDPR and can face fines
of up to 4% of their global annual revenue.

Last year, the cloud company raised $100 million in new debt, followed by
another $50 million round, months after laying off dozens of staff amid
concerns about the company’s financial health. In March, the company went
public, raising about $775 million in its initial public offering.