We quickly discovered our Mailchimp account had been suspended, with no access, and no other information being provided by Mailchimp. This was discovered by an internal test run by engineering teams to monitor the health of our signup process. No customer information other than email address was compromised, however, we recommend increased vigilance against phishing attempts in the coming weeks, in addition to enabling two-factor authentication on your DigitalOcean account.Īt 3:30pm ET on August 8th, 2022 transactional emails from our platform, delivered through Mailchimp, stopped reaching our customers’ inboxes.As of August 9th, we have migrated email services away from Mailchimp.These customers’ accounts have been secured, and have been contacted directly. A very small number of DigitalOcean customers experienced attempted compromise of their accounts through password resets.Out of an abundance of caution, we are currently sending email communications to those impacted. From that Mailchimp incident, we suspect certain DigitalOcean customer email addresses may have been exposed.On August 8th, DigitalOcean discovered that our Mailchimp account had been compromised as part of what we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain.
Caret models update#
Today, we wanted to share an update about how DigitalOcean and our customers were impacted by a recent security incident disclosed by Mailchimp. When our customers' security is threatened we respond swiftly, communicate with transparency, and take accountability, even if the incident root cause occurs beyond the boundaries of DigitalOcean systems. The security of DigitalOcean customers and their data is a responsibility we approach with utmost dedication.