‘DigitalOcean’ Distributes Data Breach Notifications to Its Customers

Written by Bill Toulas
Last updated September 17, 2021

‘DigitalOcean,’ the New York-based cloud service provider, is distributing data breach notices to its customers via email. From what is being reported, the compromised data includes the billing details that are linked to the DigitalOcean accounts. The exposure period was defined to be between April 9 and April 22, 2021, so it lasted for about 13 days. As the notification further details, user accounts haven’t been accessed, while passwords and tokens aren’t involved in this breach either.

The following information was accessed:

Judging from these generic statements, we would deduce that the incident involved a card skimming snippet that was planted on DigitalOcean’s checkout page, but the firm hasn’t clarified this. What they stated is that the website is secure now, and their team has implemented additional security monitoring on all user accounts to make sure that this kind of flaw won’t occur in the future. Certainly, it would be nice to hear what flaw that was, but we didn’t get that.

On the number of accounts that this has impacted, the company’s security head Tyler Healy told TechCrunch that only 1% of billing profiles were affected. This is again consistent with the skimmer theory, but Healy declined to comment any further or address specific questions. Considering the size of the DigitalOcean customer base, though, even that 1% corresponds to a very significant number of entities.

The notification that is circulated to the affected clients also claims that the relevant data protection authorities have been notified, which should involve those in Europe. If these authorities investigate the breach and find GDPR violations, DigitalOcean could face fines of up to 4% of its global annual revenue.

In 2020, the company had revenue of $318.4 million, so the relevant fine could reach a figure of up to $12.7 million. Considering that the company is already going through a rough period in terms of its financial situation, something like that won’t be helpful at all.
