DigitalOcean reports that some customers’ email addresses were compromised as part of a broader Mailchimp security incident. As a result, DigitalOcean customers’ email addresses could be in the public domain. DigitalOcean has sent an email to its users informing the security incident, ‘Notification of potential DigitalOcean account email address exposure.’
Tyler Healy, security director at DigitalOcean, also shared detailed information about the incident, he said that the company learned that their Mailchimp account was compromised as part of what “we believe to be a broader Mailchimp Security breach that affected their customers, specifically blockchain and crypto.”
Mailchimp had previously admitted to an attack on its crypto-related Customers but did not provide additional details.
“These accounts of Customers are secured and they have been directly contacted. As of the 9th of August we have moved Emails away from Mailchimp,” the company said. It was stated that no information about the customer besides email addresses was compromised.
A company spokesperson told TechCrunch that 214 Mailchimp accounts were affected by this security incident, which comes just months after hackers compromised an internal Mailchimp tool to access information on 300 accounts.
DigitalOcean stated that they had a “very small percentage of DigitalOcean Customers were able to experience attempted breach of their accounts via resets of passwords”.
“These accounts of Customers are secured and they have been directly contacted. As of the 9th of August we have moved Emails away from Mailchimp,” the company informed.
It was stated that no information about the customer besides email addresses was compromised.
“However we would recommend heightened vigilance against phishing attacks in the coming days, in addition to enabling two-factor authentication for your DigitalOcean account,” the company advised.
Mailchimp announced that they would continue their investigation and were proactive in providing affected users with current and precise information throughout the study.
DigitalOcean stated that the wider email outage management team had decided to move urgently essential services from Mailchimp to a different service for email.
Also Read: The Dawn of a New (Ransomware) Age