Customers of the US cloud infrastructure provider DigitalOcean have been affected by a recent security incident identified by the email marketing company Mailchimp. The breach exposed the email addresses of some customers, and a small percentage of those customers received an unauthorized password reset. On August 8, Tyler Healey, head of security at DigitalOcean, announced that the company's Mailchimp account had been compromised, saying in the statement that “we suspect this is a broader Mailchimp security incident affecting its customers targeting encryption and blockchain”. According to a recent DigitalOcean blog post, transactional emails from the platform delivered through Mailchimp stopped reaching the mailboxes of DigitalOcean customers. Engineering teams noticed this during internal tests. They also found that the Mailchimp account had been suspended, leaving DigitalOcean without access, and that Mailchimp had provided no other information.
As a result, DigitalOcean’s email confirmations, password resets, email-based product health alerts, and dozens of other transactional emails could not reach their recipients. One of the first discoveries was a non-DigitalOcean email address that appeared in the regular Mailchimp email on August 7. The [@]arxxwalls.com address was missing from a similar Mailchimp email from August 6. “This led us to a strong belief that our Mailchimp account had been compromised,” DigitalOcean said. After discovering the problem, DigitalOcean started reaching out to Mailchimp through support channels. The company said that the first actionable response, along with a meeting with the Mailchimp/Intuit legal team to understand the consequences of the incident, came on August 10. DigitalOcean said it understood the attacker had “compromised Mailchimp’s internal tools.”
In October, the attackers used stolen customer email addresses to access DigitalOcean accounts by resetting passwords. Internal logging recorded the attacker’s IP address as x.213.155.164. The company confirmed that a small number of DigitalOcean accounts were targeted by malicious password resets, although not all of the resets were successful.