Cloud hosting provider DigitalOcean says a small fraction of its customers were affected by a data breach that leaked their billing information.
The company disclosed the breach in an email to affected customers, stating that an unauthorized user gained access to customers’ billing details through a “flaw” between April 9th, 2021, and April 22nd, 2021.
“An unauthorized user gained access to some of your billing account details through a flaw that has been fixed. This exposure impacted a small percentage of our customers,” reads the email.
According to the email, the leaked information includes billing names, billing addresses, payment card expiration dates, last four digits of credit cards, and the payment cards’ bank name.
The company assured customers that the attacker did not access their accounts and did not steal passwords or account tokens in this breach.
The company also said in the email that it took protective measures to additionally secure customer accounts:
“To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occuring [sic] in the future.”
DigitalOcean has already fixed the bug that allowed the breach and has notified data protection authorities. The company did not say which agencies it notified.
Tyler Healy, VP Security at DigitalOcean, told TechCrunch that the incident exposed only 1% of the billed customers. He declined to tell TechCrunch how DigitalOcean had discovered the vulnerability.
Last year, DigitalOcean dealt with another data breach, when it disclosed that a document with customers’ account information had been available to anyone via a public link.