DigitalOcean found itself in an embarrassing situation when it was revealed that the company did not instantly wipe their cloud SSD hard drives once their client’s data needed to be migrated away from a specific server. This oversight potentially gave new clients the ability to see previous clients’s data if they were placed on the same virtual hosts.
The exploit was found by Jeffrey Paul who describes himself as a researcher who lives in Berlin, Germany. When Paul began poking around in his DigitalOcean setup, he realized that he could retrieve the web logs of a person who previously used that specific server. Had this exploit been in the wrong hands and sensitive data happened to reside on that specific SSD, a serious data breach could have occurred. That doesn’t seem to have happened though, according to various sources that are covering the story. DigitalOcean has since fixed the security issue by instituting a data scrubbing policy and the company went on to apologize for the hiccup.
DigitalOcean is one of the fastest growing cloud service providers in the world. Data from Gartner suggests that DigitalOcean has risen from outside the top 1,500 cloud service providers into the top 15 in just one year. While the cloud is elastic and scales up and down quickly, man power inside a datacenter and on a development staff isn’t always as rapidly available. It’s obvious the crew at DigitalOcean is racking up some serious overtime with their rapid expansion.
Mitch Wainer is DigitalOcean’s Chief Marketing Officer and he recently provided an interview to the VentureBeat blog. He believes the issue was a “Hiccup” and that the incident “Definitely has affected some of our newly acquired customers, or customers who are thinking about migrating to DigitalOcean in the past … few days.” He went on to say that he expects the growth to continue and that the new features added into DigitalOcean’s platform will offset any ongoing resentment from this security issue.