American cloud infrastructure provider DigitalOcean has sent out emails to its customers warning about the leakage of their payment data.
According to the company, unidentified persons gained access to "some payment data through a vulnerability that has already been fixed" between April 9-22. As a result of the incident, the attackers got hold of the names and addresses of customers used for invoicing, as well as information about the last four digits of payment cards, their expiration dates and the name of the card issuing bank. The leak did not affect passwords and account tokens, the company said.
The provider has already eliminated the vulnerability through which the hack occurred, and notified the relevant authorities about it. To avoid similar incidents in the future, DigitalOcean has implemented account monitoring and additional security measures.
According to Tyler Healy, head of security at DigitalOcean, 1% of payment profiles were leaked, but he did not elaborate on how the vulnerability was identified or which regulators were notified of it.