DigitalOcean admits data breach exposed customers’ billing details

DigitalOcean, the popular cloud-hosting provider, has told some of its customers that their billing details were exposed due to what it described as a “flaw.”

In an email sent out to affected users, DigitalOcean explained that an unauthorised party had managed to exploit the flaw to gain access to billing information between April 9 and April 22, 2021.

The following information from profiles was accessed:

  • Billing name
  • Billing address
  • Payment card expiration date
  • Last four digitals of user’s payment card
  • Payment card bank name

The company was at pains to underline that it does not store users’ fill payment card numbers and so they were not exposed. In addition, DigitalOcean says that it has fixed the flaw that the hacker exploited, and informed data protection authorities about the breach.

As reported by TechCrunch, a statement released by DigitalOcean claimed that only 1% of billing profiles had been impacted by the breach. (A few years ago, the company was claiming to have one million users – which would put the number of exposed accounts at north of 10,000.)

It’s not the first time that DigitalOcean has suffered a data breach that exposed customer information.

In May 2020, for instance, the company advised that a DigitalOcean-owned document from 2018 containing customer details was “unintentionally made available via a public link.”