Cloud hosting giant, DigitalOcean has been hacked, exposing its customers billing data. According to Techcrunch, the company has confirmed an unauthorized exposure of details associated with the billing profile of the DigitalOcean account.
The company has sent emails to its customers informing them about the data breach resulting in compromising their billing data over the last two weeks between April 9 and April 22. The bad actor gained access to some of the billing account details via a flaw, which has been fixed by DigitalOcean.
The email sent by the company to its users mentioned customer billing names and addresses to have been leaked along with the last four digits of the payment card, its expiry date, and the name of the card-issuing bank. Though the hackers did not manage to access the customer’s DigitalOcean accounts, and passwords and account tokens were not involved in the breach.
The email also mentioned the company implementing additional security measures to monitor customer accounts. Also assured the customer saying the updated security measures will ensure such an incident will not happen again in the future.
The flaw has been fixed by DigitalOcean as of now, but it is still not clear the exact flaw that resulted in this data breach.
Tyler Healy, Security Chief, Digital Ocean said 1% of billing profiles were impacted by the attack. Though he did not shed much light on the questions asked by the internet media.
DigitalOcean has a presence in Europe and is subject to GDPR and may have to end up paying 4% of its global annual earnings as a fine.