DigitalOcean Customer Billing Information Compromised During Data Breach

DigitalOcean, a cloud hosting provider, has disclosed a data breach involving customers' billing information.

In an email, the company warned its customers of "an unauthorized exposure of details associated with the billing profile on your DigitalOcean account."

According to DigitalOcean, over a two-week window between April 9 and April 22, an attacker gained access to customers' billing details through a code flaw.

The breach also leaked customers' billing names and addresses, as well as the last four digits of customer payment cards, expiry date, and the name of the card-issuing bank.

DigitalOcean assured their customers that they had implemented additional security measures to monitor the compromised accounts. The company expects its actions to reduce the likelihood of similar flaws occurring in the future.

While DigitalOcean claims they have fixed the bug and notified the authorities, it is currently unknown if the flaw has put customer billing information at risk.

Tyler Healy, DigitalOcean's security chief, said that 1% of billing profiles were affected by the breach but refused to give any specific details about the leak, including how the vulnerability was discovered and which authorities have been informed.

Companies with customers in the EU are subject to GDPR and face fines of up to 4% of their global annual revenue.