Hack Notice

Hack Notice: DigitalOcean

DigitalOcean

Source

https://www.helpnetsecurity.com/2022/08/16/mailchimp-digitalocean-security-incident/

Description

DigitalOcean customers affected by Mailchimp security incident A recent assail targeting crypto-related users of Mailchimp has ended up affecting users of cloud infrastructure provider DigitalOcean, the latter company has announced on Monday. On august 8th, DigitalOcean discovered that our Mailchimp account had been compromised as part of what we suspect to be a wider Mailchimp certificate incident that affected their customers, targeted at crypto and blockchain. From that Mailchimp incident, we suspect certain DigitalOcean customer email addresses may have been exposed, shared Tyler Healy, VP Security at DigitalOcean. What happened? Mailchimp is an email marketing automation platform, which DigitalOcean uses or did use, until this incident to deliver email confirmations, password resets, email-based alerts for product health, and dozens of other transactional emails to its users. At 3:30pm ET on august 8th, 2022 transactional emails from our platform, delivered through Mailchimp, stopped reaching our customers inboxes, Healy explained. During that same timeframe on August 8th, our surety Operations team was made aware of a customer who claimed their password had been reset, without their initiation. Recognizing a likely connection between our sudden red of transactional email, and potentially malicious parole resets, which are delivered via email, a security incident and investigation was launched in parallel with the teams addressing our email outage. The investigation discovered that DigitalOceans Mailchimp account had been compromised, and soon after suspended by Mailchimp. Also, that the compromised Mailchimp account provided the attacker with email addresses of DigitalOcean customers, allowing them to initiate malicious parole resets against a limited set of accounts. Some of the password reset attempts were not successful, but some were. At least one account takeover attempt was foiled by the fact that the aggressor wasnt able to receive their hands on the endorse certification component needed to access to the account. Healy said that the customers accounts that experience been targeted have been secured, and [its owners] have been contacted directly. Attempted compromise via third party The incident spurred DigitalOcean to last their quislingism with Mailchimp and spell with another email service provider. The troupe also learned that the chains of trust, when broken, can make significant downstream consequences. Our threat models and security visibility must improve in our third-party SaaS and PaaS environments, Healy noted. Finally, the incident will spur them to push customers towards enabling 2-factor authentication on their account, while they are simultaneously thinking about making two-factor hallmark on-by-default for all DigitalOcean customer accounts. Since the assailant grabbed customer emails addresses, the troupe is also warning users about possible phishing attempts in the approach weeks. In third-party-compromise-related news, the recent Twilio breach has resulted in the compromise of phone numbers or SMS verification codes of 1,900 registered signal users.

About HackNotice and DigitalOcean

HackNotice is a service that notices trends and patterns in publically available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks and DigitalOcean was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of DigitalOcean their products, services, websites, or applications and you were a client of HackNotice, monitoring for DigitalOcean you may have been alerted to this report about DigitalOcean . HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If DigitalOcean had a transgress of consumer data or a data leak, then there may live additional actions that our clients should make to protect their digital identity. Data breaches, hacks, and leaks often lead to and do identicalness theft, account take overs, ransomware, spyware, extortion, and malware. account takeovers are often caused by credential reuse, password reuse, easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer info through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publically available data that indicates tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice workings to monitor for hacks that direct to lower client certificate and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice works with clients to identify the extent that digital identities have been exposed and provides remediation suggestions for how to handgrip each typecast of exposure.

HackNotice monitors the hacker community, which is a network of individuals that part data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account take overs, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that ache consumers. HackNotice applies industry specific knowledge and advanced security practices to monitor for trends that point breaches, hacks, and exposed digital identities.

HackNotice also enables clients to portion cut notices with their friend, family, and collogues to assist growth consciousness around alleged hacks, breaches, or data leaks. HackNotice works to ply clients with sharable reports to help increase the surety of our clients personal network. The security of the multitude that our clients interact with directly impacts the layer of security of our clients. Increased exposure to accounts that have been taken over by hackers leads to further account take overs through phishing, malware, and other attach techniques.

If you found this nag observation to be helpful, then you may be interested in reading some additional jade notices such as:

e injuries. a data transgress may include incidents such as theft or loss of digital media States between January 2005 and May 2008, excluding incidents where sensitive data was apparently n According to the nonprofit consumer organisation secrecy Rights Clearinghouse, a tally of 227,

WA: W-2 wage information of Kent city employees inadvertently disclosed | Update

pinjuhlaw.com

Mansfield ISD hit with ransomware attack, district says - WFAA.com