Cloud infrastructure provider DigitalOcean has admitted that some of its customers’ personal information was exposed in a recent security incident disclosed by email marketing company Mailchimp.
DigitalOcean’s head of security Tyler Healy said in a blog post on Tuesday that on August 8, the company discovered that its Mailchimp account had been compromised as part of what “we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain”.
Mailchimp had earlier admitted a recent attack targeting its crypto-related users, but did not divulge more details.
“From that Mailchimp incident, we suspect certain DigitalOcean customer email addresses may have been exposed. Out of an abundance of caution, we are currently sending email communications to those impacted,” the company said.
DigitalOcean said that a “very small number of DigitalOcean customers experienced attempted compromise of their accounts through password resets”.
“These customers’ accounts have been secured, and have been contacted directly. As of August 9th, we have migrated email services away from Mailchimp,” the company said.
It said that no customer information other than email addresses was compromised.
“However, we recommend increased vigilance against phishing attempts in the coming weeks, in addition to enabling two-factor authentication on your DigitalOcean account,” the company advised.
Mailchimp said that they were continuing their investigation and proactively providing impacted users with timely and accurate information throughout the process.
DigitalOcean said that the broader email outage incident management team decided to immediately migrate critical services away from Mailchimp to another email service provider.