DigitalOcean is updating its code to make its public cloud platform more secure after a German researcher pointed out that it doesn’t automatically wipe data from the fast solid-state drives it uses for storage.
According to a report by VentureBeat on Monday, Jeffrey Paul, a hacker and researcher based in Berlin, posted on GitHub over the weekend and showed how a customer using a DigitalOcean virtual server could recover data left behind by its previous owner.
“We wanted to address these concerns to make sure that we are being transparent and to make it clear that customer security remains paramount,” DigitalOcean cofounder Moisey Uretsky said in a blog post. “At no time was customer data ‘leaked’ between accounts. This would require that a user not scrub their volume after destroying their server; in this instance data would be recoverable and should be considered not sensitive.”
Launched in 2011, DigitalOcean is a cloud startup based in New York that has seen fast growth, particularly within the developer community. Between December 2012 and June 2013, its number of web-facing servers had grown 50 times over, faster than any company other than Amazon, Alibaba and Hetzner. Earlier this month, DigitalOcean announced that it had expanded to Europe through a data center in Amsterdam.
Developers can instruct DigitalOcean to scrub a droplet, or virtual server, once they are finished using it, but it is an optional command, and not turned on by default.
DigitalOcean responded to the issue in a blog post on Monday, admitting that choosing performance over default storage scrubbing was a mistake. The other mistake, according to Uretsky, is that customers weren’t informed of the changes in default behavior to the API.
“We were wrong on both counts,” he said. “We failed to deliver that message explicitly via email, and we should have taken more factors into account when determining the default behavior for a feature – specifically the multitude of customer concerns other than performance.”
DigitalOcean engineers are working to ensure that a clean system is provided by default whenever a droplet is created, regardless of what method was used for destroying the data.