Cloud hosting provider DigitalOcean has disclosed a data breach after a flaw exposed customers’ billing information.
An email sent out to affected customers by DigitalOcean states that a “flaw” allowed an unauthorized user to access customers’ billing details between April 9th, 2021, and April 22nd, 2021.
“An unauthorized user gained access to some of your billing account details through a flaw that has been fixed. This exposure impacted a small percentage of our customers,” reads the email sent to customers.
The email states that the exposed information includes a customer’s billing name, billing address, payment card expiration, last four digits of credit card, and the payment card’s bank name.
DigitalOcean states that they have fixed the flaw and disclosed the breach to data protection authorities. It is not clear what agencies were notified.
Tyler Healy, VP Security at DigitalOcean, told TechCrunch that this flaw exposed only 1% of billing profiles.
BleepingComputer has reached out to DigitalOcean with further questions but has not heard back at this time.
DigitalOcean also suffered a data breach last year when they made a document containing information about customer’s accounts available via a public link.