Cloud infrastructure provider DigitalOcean is informing customers that it inadvertently exposed some of their data to the Internet. Headquartered in N
Cloud infrastructure provider DigitalOcean is informing customers that it inadvertently exposed some of their data to the Internet.
Headquartered in New York City, the company provides cloud services to developers looking to deploy and scale applications running on multiple systems.
Last week, the company started alerting customers that some of their data might have been accessed by third-parties after a document from 2018 was unintentionally made available via a public link.
“This document contained your email address and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018,” a copy of the notification that was shared online reads.
The email alert also informed customers that the document had been accessed at least 15 times before the leak was noticed and plugged.
Responding to an email inquiry from SecurityWeek, the company said it feels “confident there was no malicious access to that document,” but that it decided to inform customers anyway, for transparency.
DigitalOcean also revealed that less than 1% of its customer base was impacted by the incident, and that account name and email address represented the only personally identifiable information (PII) included in the exposed file.
“This was not related to a malicious act to access our systems. Our customers trust us with their data and we believe that an unintended use of that data, no matter how small, is reason enough to be transparent,” a company spokesperson said.
Replying to a comment to the publicly shared emailed notification, a DigitalOcean employee revealed that customers receiving the alert could learn specific details on the amount of information that was exposed for them by replying to the notification itself.