Hacker News new | past | comments | ask | show | jobs | submit login
DigitalOcean Data Leak
14 points by htfy96 on May 8, 2020 | hide | past | favorite | 7 comments
Just received the following mail:

> Hi there,

> Yesterday we learned that a DigitalOcean-owned document from 2018 was unintentionally made available via a public link. This document contained your email address and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018. After a detailed review by our security team we identified it was accessed at least 15 times before the document was taken down.

> Our community is built on trust, so we are taking steps to make sure this doesn’t happen again. We will be educating our employees on protecting customer data, establishing new procedures to alert us of potential exposures in a more timely manner, and making configuration changes to prevent future data exposure.

> We believe in holding ourselves accountable to our customers and that includes when we make mistakes. While we can assure you that your Droplets and other systems you run on our platform have not been impacted by this mistake, we are committed to being transparent anytime we feel your data has been used in a way that does not align with our values.

> We welcome the opportunity to talk through any questions or concerns you may have — just reply to this email.

> Thank you,

> Trust @ DigitalOcean

I just received the same and i would have much appreciated if they also shared the actual data with us, only MY OWN data obviously :)

hey dud3z, Tyler here from DO Security. If you respond to the note we sent you, we can share back specific details. In all but a small number of cases, it was the email address and name you entered for your DO account.

I already replied back at the mail from my business account (@r31nv3nt3d, need to un1337 it) with some questions minutes after receiving it, looking forward for a reply there, thanks!

hey - im working on a product you might find interesting, it's about protecting your data in a personal data vault that can only be accessed BY YOU www.theabook.com is the landing page for now

Just noting that I've been a customer since 2014 and didn't receive this email.

Not every customer got this e-mail, because not every data was leaked

Got the same. Did they say somewhere how many accounts were affected?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact