Notification of potential DigitalOcean account email address exposure

Just got this email from DO:

Hi there,

On August 8th, 2022, DigitalOcean discovered that our Mailchimp account had been compromised as part of a wider Mailchimp Security Incident. As a result, a number of DigitalOcean customer email addresses may have been viewed by an unauthorized individual.

Impact to you
No customer information other than email address was impacted; however, we recommend increased vigilance against phishing attempts in the coming weeks, in addition to enabling two-factor authentication on your DigitalOcean account. Please review our documentation on two-factor authentication for more information.

Actions we have taken
At DigitalOcean, we take the protection of customer data very seriously, and we sincerely apologize that your email address may have been impacted by this incident. We have migrated our email services to another provider and are completing thorough security reviews to confirm our vendors’ security posture.

For more details on this incident, please read through our latest blog post. We are committed to holding ourselves accountable to our customers and prioritizing protecting your account. We welcome the opportunity to talk through any questions or concerns you may have - just reply to this email.

Sincerely,
DigitalOcean Security

Comments

  • jar Patron Provider, Top Host, Veteran
    edited August 2022

    This is the worst security disclosure I've ever read: https://mailchimp.com/august-2022-security-incident/

    If after three days one of your customers has sent out a better disclosure than you, and you still haven't acknowledged any potential issue on your side besides apologizing to crypto bros for an appearance of being targeted, sounds like DO is doing right to get the fuck out.

  • @jar said:
    This is the worst security disclosure I've ever read: https://mailchimp.com/august-2022-security-incident/

    I don’t get it. So is this DO’s fault or Mailchimp’s fault? Reading the mail from DO, it seems like Mailchimp had some kind of issue and got their account compromised, but reading the blog post from MC, it seems like the clients (crypto companies? DO?) somehow got their credentials stolen.

    Thanked by 2: jar, lentro
  • jar Patron Provider, Top Host, Veteran

    @sanvit said:

    @jar said:
    This is the worst security disclosure I've ever read: https://mailchimp.com/august-2022-security-incident/

    I don’t get it. So is this DO’s fault or Mailchimp’s fault? Reading the mail from DO, it seems like Mailchimp had some kind of issue and got their account compromised, but reading the blog post from MC, it seems like the clients (crypto companies? DO?) somehow got their credentials stolen.

    Yeah that's the frustrating part. We're a few days past a security advisory that seemingly made a point to not clearly make a point, and now a big customer is admitting to noping out because their account got compromised.

    Really bad look for MC.

    Thanked by 1: sanvit
  • raindog308 Administrator, Veteran

    @jar said: Really bad look for MC.

    They're getting good at wearing it.

    Thanked by 2: jar, lentro
  • ehhthing Member
    edited August 2022

    This may or may not be related, but I created and used a burner card for DO a few weeks ago and in the last week I've been notified that the card was attempted to be used elsewhere. I have not used the card anywhere else, it was only ever created for digitalocean.

  • ralf Member

    Although this:

    We have migrated our email services to another provider and are completing thorough security reviews to confirm our vendors’ security posture.

    Common sense would suggest you should do the security reviews prior to giving the data to someone else, not after.

  • ralf Member

    Looks like there was a Twilio breach last week too: https://www.twilio.com/blog/august-2022-social-engineering-attack

  • davidobrik567 Member
    edited August 2022

    @ralf said:
    Looks like there was a Twilio breach last week too: https://www.twilio.com/blog/august-2022-social-engineering-attack

    cloudflare too. they don't use totp anymore, full yubikeys

    https://blog.cloudflare.com/2022-07-sms-phishing-attacks/

  • Swiftnode Member, Host Rep
    edited August 2022

    @davidobrik567 said:

    @ralf said:
    Looks like there was a Twilio breach last week too: https://www.twilio.com/blog/august-2022-social-engineering-attack

    cloudflare too. they don't use totp anymore, full yubikeys

    https://blog.cloudflare.com/2022-07-sms-phishing-attacks/

    I'm normally pretty supportive of Cloudflare, and their blog posts around security/DDoS incidents are usually pretty good reads.

    But this blog post says:

    This was a sophisticated attack targeting employees and systems in such a way that we believe most organizations would be likely to be breached.

    And then goes on to show how employees were contacted via text message, see:

    I fail to see how "most organizations would be likely to be breached." This seems like a pretty obvious phishing attempt to me. Not really all that sophisticated of an attack either.

    Thanked by 1: jar
  • emgh Member

    @Swiftnode said:

    @davidobrik567 said:

    @ralf said:
    Looks like there was a Twilio breach last week too: https://www.twilio.com/blog/august-2022-social-engineering-attack

    cloudflare too. they don't use totp anymore, full yubikeys

    https://blog.cloudflare.com/2022-07-sms-phishing-attacks/

    I'm normally pretty supportive of Cloudflare, and their blog posts around security/DDoS incidents are usually pretty good reads.

    But this blog post says:

    This was a sophisticated attack targeting employees and systems in such a way that we believe most organizations would be likely to be breached.

    And then goes on to show how employees were contacted via text message, see:

    I fail to see how "most organizations would be likely to be breached." This seems like a pretty obvious phishing attempt to me. Not really all that sophisticated of an attack either.

    Though, with enough prospects, one falling for it might be enough? If so, probably could happen at most places.

  • jar Patron Provider, Top Host, Veteran

    @emgh said:

    @Swiftnode said:

    @davidobrik567 said:

    @ralf said:
    Looks like there was a Twilio breach last week too: https://www.twilio.com/blog/august-2022-social-engineering-attack

    cloudflare too. they don't use totp anymore, full yubikeys

    https://blog.cloudflare.com/2022-07-sms-phishing-attacks/

    I'm normally pretty supportive of Cloudflare, and their blog posts around security/DDoS incidents are usually pretty good reads.

    But this blog post says:

    This was a sophisticated attack targeting employees and systems in such a way that we believe most organizations would be likely to be breached.

    And then goes on to show how employees were contacted via text message, see:

    I fail to see how "most organizations would be likely to be breached." This seems like a pretty obvious phishing attempt to me. Not really all that sophisticated of an attack either.

    Though, with enough prospects, one falling for it might be enough? If so, probably could happen at most places.

    That's fair. You can't forget about sales teams, they're a pretty normal department in most companies.

    Thanked by 3: emgh, lentro, Erisa
  • People still use MailChimp? Overpriced and bloated imo...

  • jar Patron Provider, Top Host, Veteran

    @ehhthing said:
    This may or may not be related, but I created and used a burner card for DO a few weeks ago and in the last week I've been notified that the card was attempted to be used elsewhere. I have not used the card anywhere else, it was only ever created for digitalocean.

    I would pursue every other avenue in the meantime. Computer virus intercepting input, compromised account with the card generator (like privacy.com or similar I'm guessing). DO doesn't store cards themselves, they're stored with stripe.

  • raindog308 Administrator, Veteran

    @Swiftnode said: I fail to see how "most organizations would be likely to be breached." This seems like a pretty obvious phishing attempt to me. Not really all that sophisticated of an attack either.

    You'd be surprised how often stuff like that succeeds. Anti-phishing is a major headache in organizations.

    The senior sysadmin doesn't fall for this, but the receiving clerk or admin assistant might.

    Thanked by 2: emgh, Maounique
  • vyas11 Member
    edited August 2022

    @ralf said:
    Looks like there was a Twilio breach last week too: https://www.twilio.com/blog/august-2022-social-engineering-attack

    The 1,900 phone numbers revealed as a result of the Twilio breach (users of Signal) are the more interesting news.

    https://techcrunch.com/2022/08/15/signal-phone-number-exposed-twilio/

    Thanked by 1: jar
  • Maounique Host Rep, Veteran
    edited August 2022

    @raindog308 said: admin assistant

    Maybe an illiterate one; I know very few people who would fall for phishing over here, and they are NOT in IT. My 78 yo father is an example, but even he knows his vulnerabilities and opted out of online management of his money; he goes to the bank, physically...

  • vyas11 Member
    edited August 2022

    @Maounique said:

    @raindog308 said: admin assistant

    Maybe an illiterate one; I know very few people who would fall for phishing over here, and they are NOT in IT. My 78 yo father is an example, but even he knows his vulnerabilities and opted out of online management of his money; he goes to the bank, physically...

    You married, my friend? Or got a large family (or in-laws' family)? During the next family gathering, carry a case of wine and you may learn enough to revise your first statement.

    edit: You can even get enough material to write your next book on the topic.
