DigitalOcean, Your Data, and the Cloudflare Vulnerability

Posted 2017-02-24  in Engineering

Over the course of the last several hours, we have received a number of inquiries about the Cloudflare vulnerability reported on February 23, 2017. Since the information release, we have been told by Cloudflare that none of our customer data has appeared in search caches. The DigitalOcean security team has done its own research into the issue, and we have not found any customer data present in the breach.

Out of an abundance of caution, DigitalOcean's engineering teams have reset all session tokens for our users, which will require that you log in again.

We recommend that you do the following to further protect your account:

  • Update your password
  • Rotate your API tokens
  • Take the opportunity to turn on Two-Factor Authentication (we posted a blog entry earlier this week about our improved process)

Again, we would like to reiterate that there is no evidence that any customer data has been exposed as a result of this vulnerability, but we care about your security. So we are therefore taking this precaution as well as continuing to monitor the situation.

Nick Vigier, Director of Security