Attackers are attempting to reset the passwords of some DigitalOcean customers, the cloud infrastructure provider says. Email addresses of these customers were exposed in a data breach involving Mailchimp, which provided transactional email services to DigitalOcean.
DigitalOcean says Mailchimp suspended its account on Aug. 8 without notice, citing “terms of service violation.” The move affected email confirmations, password reset requests, email-based alerts and other transactional email services, DigitalOcean says.
The same day, DigitalOcean’s security team learned that a customer’s password had been reset without authorization. The company says it secured the account and also found the IP address – x.213.155.164 – the attacker used to send the reset request.
