Digital Ocean springs a leak: Miscreant exploits hole to peep on unlucky customers' billing details for two weeks

2021-04-29 05:05

Digital Ocean on Wednesday said someone was able to snoop on some of its cloud subscribers' billing information via a now-patched vulnerability.

In an email to affected customers seen by The Register - and full disclosure, your Register vulture is a customer - the rent-a-server biz said that two days ago it confirmed a miscreant had gained unauthorized access to some people's account records.

The sneak was able to glimpse the data between April 9 and 22 via an undisclosed security hole that Digital Ocean said it has now closed up.

Digital Ocean stressed it does not store full card numbers, and that accounts were left untouched, and passwords and access tokens were not accessed.

We've asked Digital Ocean to reveal which authorities exactly it has spoken to, and if it plans to shed any more light on the flaw and why apparently so few people - one per cent of its customer base, a spokesperson told TechCrunch - were affected.

We say Digital Ocean is an IaaS provider, though the $320m-a-year corp has dipped its toes into the PaaS waters lately.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/04/29/digital_ocean_data_leak/

#digital #exploit #leak