Cloud infrastructure provider DigitalOcean has admitted that some of its customers' personal information was exposed in a recent cybersecurity breach involving email marketing company Mailchimp.
DigitalOcean's head of security Tyler Healy said in a blog post on Tuesday that on August 8, the company discovered that its Mailchimp account had been compromised. "We suspect [it] to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain," he wrote.
Mailchimp had earlier admitted a recent attack targeting its crypto-related users, but did not divulge more details.
DigitalOcean suspects that, as a result of that Mailchimp incident, its own customers' email addresses may also have been exposed. "Out of an abundance of caution, we are currently sending email communications to those impacted," said Healy.
DigitalOcean further said that a "very small number of DigitalOcean customers experienced attempted compromise of their accounts through password resets".
"These customers' accounts have been secured, and have been contacted directly. As of August 9th, we have migrated email services away from Mailchimp," the company said.
It said that no customer information other than email addresses was compromised.
"However, we recommend increased vigilance against phishing attempts in the coming weeks, in addition to enabling two-factor authentication on your DigitalOcean account," the company advised.
Mailchimp said that it was continuing its investigation and proactively providing impacted users with timely and accurate information throughout the process.
DigitalOcean said that the broader email outage incident management team decided to immediately migrate critical services away from Mailchimp to another email service provider.