DigitalOcean has millions of customers worldwide.
A couple of days ago it was reported that GoDaddy suffered a data breach after hackers accessed the company’s SSH accounts. Now, the world’s leading web hosting platform DigitalOcean became a victim of data breach not because of a security lapse.
Apparently, the company left exposed a sensitive internal document online. Resultantly, personal details of some of the company’s customers may have been exposed to unauthorized third parties.
The web hosting giant has confirmed the news of data breach and has notified customers about the incident via email which reveals important details of the incident.
The email explains that the data breach is a result of unintentional negligence from the company as an internal document containing personally identifiable information of some customers was left accessible on the internet without password protection.
A full preview of the email sent by DigitalOcean:
The document included details like the customers’ DigitalOcean account names and linked email addresses, and account data statistics like bandwidth usage, Droplet count, payments made during 2018, and support or sales communication records.
What’s even more concerning is the fact that this document has been accessed 15 times at least before it was taken offline.
In its official statement regarding the incident, DigitalOcean confirmed that there is no evidence of unauthorized access to the affected customers’ servers post the incident.
Moreover, the hosting service provider asserts that the internal document only contained less than 1% of the total customer data of the company, and it is implementing steps to prevent similar incidents in the future.
“We will be educating our employees on protecting customer data, establishing new procedures to alert us of potential exposures in a more timely manner, and making configuration changes to prevent future data exposure” the company affirmed.