DigitalOcean didn’t make any official statement about the data leak but the company started warning its customers by email. The email states that unknown and unauthorized third parties have stolen some crucial information about the customers. The company also stated that the incident happened due to negligence. The company admits that they unintentionally allowed access to an internal document without requiring any password.
Data were accessed at least 15 times
According to the email, the document contains customers’ email address and/or account name as well as some data about the customers’ account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount they paid during 2018. An investigation conducted by the company showed that third parties accessed the data at least 15 times before it was taken down. The company also stated in the email:
“Our community is built on trust, so we are taking steps to make sure this doesn’t happen again. We will be educating our employees on protecting customer data, establishing new procedures to alert us of potential exposures in a more timely manner, and making configuration changes to prevent future data exposure.”