DigitalOcean has revealed that some of its customers’ emails were exposed to attackers thanks to an attack on the Mailchimp email marketing service.

DigitalOcean has reported on its website a security incident suffered due to a security breach caused by its email provider, Mailchimp.

On August 8, they discovered that their Mailchimp account had been compromised, affecting their customers and targeting the world of crypto and blockchain. They suspect that this happened  due to a Mailchimp security incident.

As of this incident, several DigitalOcean customer email accounts may have been exposed. From DigitalOcean they indicate that they have contacted those responsible for each account to notify them.

Some customers also experienced password reset attempts on their accounts which also indicates to us that these customers have been protected and contacted directly.

As of August 9 at 11 PM, DigitalOcean had migrated all of its critical email services out of Mailchimp.

From DigitalOcean they share peace of mind, since no customer information other than the email address has been compromised, however, they predict an increase in phishing attacks in the coming weeks and emphasize the importance of having “FA authentication enabled.

How has everything happened?

On August 8, they discovered through an internal test that their customers had stopped receiving emails. With this finding they discovered that their Mailchimp account had been suspended, without access and without information from Mailchimp.

On the same August 8, a client reported that a password reset had been requested on their account without them requesting it, which initiated a security incident and an investigation.

One of the first discoveries was an email address that appeared in an email on August 7 that had not been there the day before. This led them to believe that their Mailchimp account had been compromised.

Research on password resets led them to a single IP (the attacker’s) that had successfully changed the password, however, the two-factor authentication did not allow the attacker to access the account.

Their incident response team took steps to protect these accounts and communicated separately with each affected account. They confirm that the attacks against the accounts stopped after August 7.

At this time, it was decided to migrate critical Mailchimp services to another provider, which ended on August 9 at 11 PM.

Finally, due to all this fact, they warn of the importance of enabling the double authentication factor in all our systems, especially the critical ones.