Engineering

DigitalOcean, Your Data, and the Cloudflare Vulnerability

Posted: February 24, 20171 min read

Over the course of the last several hours, we have received a number of inquiries about the Cloudflare vulnerability reported on February 23, 2017. Since the information release, we have been told by Cloudflare that none of our customer data has appeared in search caches. The DigitalOcean security team has done its own research into the issue, and we have not found any customer data present in the breach.

Out of an abundance of caution, DigitalOcean’s engineering teams have reset all session tokens for our users, which will require that you log in again.

We recommend that you do the following to further protect your account:

  • Update your password
  • Rotate your API tokens
  • Take the opportunity to turn on Two-Factor Authentication (we posted a blog entry earlier this week about our improved process)

Again, we would like to reiterate that there is no evidence that any customer data has been exposed as a result of this vulnerability, but we care about your security. So we are therefore taking this precaution as well as continuing to monitor the situation.

Nick Vigier, Director of Security

Share

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!Sign up

Related Articles

Dolphin: Mastering the Art of Automated Droplet Movement
engineering

Dolphin: Mastering the Art of Automated Droplet Movement

January 23, 20243 min read

DigitalOcean's journey to Python Client generation
engineering

DigitalOcean's journey to Python Client generation

January 26, 20233 min read

How DigitalOcean uses Let’s Encrypt
engineering

How DigitalOcean uses Let’s Encrypt

November 28, 20223 min read