Interesting question where TC got that information. The e-mail only states "This exposure impacted a small percentage of our customers." but no explicit percentage.
EDIT: Rereading the article helped: they received a statement from DO.
Thanks. But, I was trying to find out - how ‘DO’ - or any other breached company for that matter - come to know about the effected users. Sorry, I missed mentioning that
Hello,
On April 26, 2021, we confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account. The exposure has been fixed, and your complete payment card account number was not exposed. We will monitor your DigitalOcean account for any unusual activity. No action is required by you at this time.
What happened:
An unauthorized user gained access to some of your billing account details through a flaw that has been fixed. This exposure impacted a small percentage of our customers.
The unauthorized access occurred between April 9, 2021 and April 22, 2021.
The following billing profile information was accessed:
Billing Name
Billing Address
Payment Card Expiration
Last 4 Digits of Payment Card
Payment Card Bank Name
We do not store your full payment card account number, and it was not exposed.
What we have done:
We have fixed the flaw that enabled this exposure, and unauthorized parties can no longer access this information.
We have notified relevant data protection authorities.
To be extra careful, we have implemented additional security monitoring on your account.
We are expanding our security measures to reduce the likelihood of this kind of flaw occuring in the future.
How this impacts your account:
Your DigitalOcean account was not accessed. Our account recovery procedures require more information than what was exposed. Your account is not at risk.
Your account password and tokens were not involved in this exposure.
Requests to change your account details may take longer to process and may require additional verification.
No action is required by you at this time.
We believe in holding ourselves accountable to our customers and are committed to protecting your account. We welcome the opportunity to talk through any questions or concerns you may have — just reply to this email.
Thanks,
Trust @ DigitalOcean
I'm not completely sure what exactly you are trying to say, but it seems to me that I somehow deserve some of my personal information being stolen, because someone that also uses DigitalOcean sends you "dodgy packets". What?
I made no comment regarding DO allowing your info to be exfil'd.
I was opining that the spammers that are comfortable on DO networks deserve any spamming that might come their way.
13 comments
[ 2.9 ms ] story [ 43.8 ms ] threadmost recent message is to top up my account
in my defense the page was doing that jumpy /jerky scrolly jank that frustrates me so I bailed early.
EDIT: Rereading the article helped: they received a statement from DO.
Maybe there's some cosmic justice if the DO customers who've been endlessly crapping up our logs get spammed themselves.