DigitalOcean Users' Emails Exposed after Mailchimp Security Incident

DigitalOcean reports unauthorized access to its account with the email distribution tool Mailchimp

Popular cloud infrastructure provider DigitalOcean has disclosed a security incident in which its customers' email addresses were exposed following the Mailchimp security incident.

In the blog post, DigitalOcean says its customers were impacted by a recent security incident disclosed by Mailchimp.

"On August 8, DigitalOcean discovered that the company's Mailchimp account had been compromised as part of what we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain," the blog post reads.

According to DigitalOcean, an internal test by its engineering team found that transactional emails delivered through Mailchimp were no longer reaching customers. DigitalOcean later learned that the company's Mailchimp account had been suspended without any prior notice from Mailchimp.

DigitalOcean communication with Mailchimp

The suspension of the Mailchimp account disrupted DigitalOcean's email confirmations, password resets, email-based product health alerts, and other transactional emails.

During its investigation of the incident, the DigitalOcean security team found a non-DigitalOcean email address [(@)] on a routine email from Mailchimp. This confirmed that DigitalOcean's Mailchimp account had been compromised.
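The indicator DigitalOcean describes above, an unfamiliar address attached to its account with a third-party email provider, is something a defender can check for routinely rather than notice by chance. The script below is an added example, not code from DigitalOcean or Mailchimp: it audits a constructed list of contacts and users on a SaaS account against the organization's approved domains and flags any address outside them, plus any recently added one, so that an unexpected addition shows up in a scheduled review. The contact list, the domain `digitalocean.example` and the dates are all placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Set

# Assumption: these are the only domains that legitimately hold access to
# the organization's account with the email provider (placeholder value).
APPROVED_DOMAINS: Set[str] = {"digitalocean.example"}


@dataclass(frozen=True)
class AccountContact:
    """One address with access to, or receiving notices from, the SaaS account."""
    email: str
    role: str          # e.g. "owner", "admin", "billing contact"
    added: datetime    # when the provider records the address as added


def audit_contacts(
    contacts: Iterable[AccountContact],
    approved_domains: Set[str],
    now: datetime,
    recent: timedelta = timedelta(days=7),
) -> List[str]:
    """Return one finding per contact that warrants a look.

    Two conditions are flagged: an address whose domain is not on the
    approved list (the signal DigitalOcean observed), and an approved-domain
    address added inside the `recent` window (a legitimate change that should
    still be matched against a change ticket).
    """
    findings: List[str] = []
    for c in contacts:
        local, sep, domain = c.email.rpartition("@")
        if not sep or not local or not domain:
            findings.append(f"HIGH {c.email}: malformed address ({c.role})")
            continue
        if domain.lower() not in approved_domains:
            findings.append(f"HIGH {c.email}: outside approved domains ({c.role})")
        elif now - c.added < recent:
            findings.append(
                f"INFO {c.email}: added within the last {recent.days} days ({c.role})"
            )
    return findings


# Constructed sample contact list (not real account data).
NOW = datetime(2022, 8, 10, tzinfo=timezone.utc)
SAMPLE_CONTACTS = [
    AccountContact("mail-ops@digitalocean.example", "owner", NOW - timedelta(days=400)),
    AccountContact("billing@digitalocean.example", "billing contact", NOW - timedelta(days=2)),
    AccountContact("someone@attacker-controlled.example", "admin", NOW - timedelta(days=1)),
]

if __name__ == "__main__":
    for line in audit_contacts(SAMPLE_CONTACTS, APPROVED_DOMAINS, NOW):
        print(line)
```

Run on a schedule against the provider's exported user and contact list, this turns "an address we did not recognise appeared in an email" into a finding with a timestamp, which is also the kind of record that is useful when the provider later asks when the account was last reviewed.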

On August 10, DigitalOcean was notified by Mailchimp of unauthorized access to DigitalOcean's and other accounts by an attacker who had compromised Mailchimp's internal tooling.

Mailchimp also published an advisory relating to the incident, which reads:

"Across the tech industry, malicious actors are increasingly deploying an array of sophisticated phishing and social engineering tactics targeting data and information from crypto-related companies. In response to a recent attack targeting Mailchimp’s crypto-related users, we’ve taken proactive measures to temporarily suspend account access for accounts where we detected suspicious activity while we investigate the incident further. We took this action to protect our users’ data, and then acted quickly to notify all primary contacts of impacted accounts and implement an additional set of enhanced security measures. We did not suspend accounts based on their industry, and we are committed to continuing to serve crypto companies. We are reviewing our Standard Terms of Use and Acceptable Use Policy in light of our commitment to bringing innovative crypto solutions to our customers."

DigitalOcean noted that a very small number of its customers experienced attempted compromise of their accounts through password resets. Affected customers have been contacted directly and their accounts have been secured. In the meantime, DigitalOcean has migrated its email service from Mailchimp to another service provider.

DigitalOcean Recommends and Implements

DigitalOcean noted that two-factor authentication saved a handful of customers targeted by the attacker from complete account compromise.

Using two-factor authentication (2FA) on DigitalOcean therefore adds an additional layer of security against unauthorized access to user accounts. Even if a bad actor gains access to a user's password, they still cannot access the DigitalOcean account without also having the user's phone or 2FA code.

To that end, DigitalOcean is implementing two-factor authentication on by default for all DigitalOcean customer accounts. If you are already a user of the service, it is strongly recommended that you enable 2FA on your DigitalOcean account now.

Enabling Two-Factor Authentication on DigitalOcean 

To enable 2FA for your DigitalOcean account, log in to the control panel and click the profile icon in the top right corner. In the menu that opens, click My Account to go to your My Account page. Then, in the Two-factor authentication section, click Set Up 2FA and follow the steps. 

If you use Google or GitHub OAuth, there is no two-factor authentication section, because you are not using a username and password on your DigitalOcean account. DigitalOcean recommends that you enable two-factor authentication on the Google or GitHub account you use to log in to DigitalOcean.
