"On August 8, DigitalOcean discovered that the company's Mailchimp account had been compromised as part of what we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain," the blog post reads.
According to DigitalOcean, an internal test by its engineering team found that transactional emails delivered through Mailchimp were no longer reaching customers. DigitalOcean later learned that the company's Mailchimp account had been suspended without any prior notice from Mailchimp.
The suspension of the Mailchimp account disrupted email confirmations, password resets, email-based product health alerts, and other transactional emails sent by DigitalOcean.
While investigating the incident, the DigitalOcean security team found a non-DigitalOcean email address [(@)arxxwalls.com] on a regular email sent from its Mailchimp account. This confirmed that DigitalOcean's Mailchimp account had been compromised.
On August 10th, DigitalOcean was notified by Mailchimp of unauthorized access to DigitalOcean's and other accounts by an attacker who had compromised Mailchimp's internal tooling.
Alongside this, Mailchimp published an advisory relating to the DigitalOcean incident, which reads:
DigitalOcean noted that a very small number of DigitalOcean customers experienced attempted compromise of their accounts through password resets. Affected customers have been contacted directly and their accounts have been secured. In the meantime, DigitalOcean has migrated its email service from Mailchimp to another service provider.
DigitalOcean Recommends and Implements
DigitalOcean noted that two-factor authentication saved a handful of customers targeted by the attacker from complete account compromise.
Using two-factor authentication (2FA) on DigitalOcean adds an additional layer of security against unauthorized access to a user's account. Even if a bad actor obtains a user's password (for example, through a hijacked password-reset email), they still cannot access the DigitalOcean account without also having the user's phone or 2FA code.
In this regard, DigitalOcean is implementing two-factor authentication on by default for all DigitalOcean customer accounts. If you are already a user of the service, it is strongly recommended that you enable 2FA on your DigitalOcean account now.
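The following is an added example illustrating the mechanism described above; it is not DigitalOcean's or Mailchimp's code. It implements the RFC 4226/6238 one-time-password algorithm that authenticator apps use, with only the Python standard library, and shows a login check in which a correct password alone is not enough: the caller must also present a fresh code derived from a secret held only by the user's device, and a code that was already accepted cannot be replayed. The user record, salt and password are constructed; the TOTP seed is the RFC 6238 test secret, so the expected codes are the published test vectors.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: the counter is the number of `step`-second intervals since the Unix epoch."""
    return hotp(secret, at // step, digits)


def matching_counter(secret: bytes, code: str, at: int, step: int = 30, window: int = 1):
    """Return the counter whose code matches the submitted one, searching +/- `window`
    steps to tolerate clock drift between server and phone; None if nothing matches."""
    current = at // step
    submitted = code.strip().encode()
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(secret, counter).encode(), submitted):
            return counter
    return None


def new_totp_secret() -> str:
    """What a 'Set Up 2FA' step hands to the authenticator app: a random 160-bit seed,
    base32-encoded for QR-code or manual entry (constructed here, not DigitalOcean's format)."""
    return base64.b32encode(secrets.token_bytes(20)).decode()


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record (not real account data). The TOTP seed is the RFC 6238 test secret.
USERS = {
    "alice": {
        "salt": b"constructed-salt-value",
        "pw_hash": hash_password("correct horse battery staple", b"constructed-salt-value"),
        "totp_secret": b"12345678901234567890",
        "last_counter": -1,  # highest counter already accepted; blocks replay of a used code
    }
}


def login(username: str, password: str, code: str, at: int) -> bool:
    """Two-factor login check: password (factor 1) AND a fresh TOTP code (factor 2)."""
    user = USERS.get(username)
    if user is None:
        return False
    # Factor 1: the password. An attacker who reset it through hijacked email passes this step.
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return False
    # Factor 2: a code computed from a secret the attacker never saw. Without it, login fails.
    counter = matching_counter(user["totp_secret"], code, at)
    if counter is None or counter <= user["last_counter"]:
        return False  # wrong/stale code, or a code already used once (replay)
    user["last_counter"] = counter
    return True


if __name__ == "__main__":
    secret = USERS["alice"]["totp_secret"]
    print("code at t=59:", totp(secret, 59))
    print("password only:", login("alice", "correct horse battery staple", "000000", 59))
    print("password + code:", login("alice", "correct horse battery staple", totp(secret, 59), 59))
```

The `window` parameter is the usual trade-off between tolerating phone clock drift and shrinking the attacker's guessing space; the `last_counter` check matters because a one-time code intercepted in transit is otherwise valid for the rest of its step.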
Enabling Two-Factor Authentication on DigitalOcean
To enable 2FA for your DigitalOcean account, log in to the control panel and click the profile icon in the top right corner. In the menu that opens, click My Account to go to your My Account page. Then, in the Two-factor authentication section, click Set Up 2FA and follow the steps.
If you log in with Google or GitHub OAuth, there is no two-factor authentication section, because your DigitalOcean account does not use a username and password. In that case, DigitalOcean recommends enabling two-factor authentication on the Google or GitHub account you use to log in to DigitalOcean.