Developer Jeffrey Paul first raised the issue of data security on Digital Ocean in a Github post earlier this week. Paul noted that Digital Ocean was not by default “scrubbing” user data from its hard drives after a virtual machine instance was deleted by a user. The scrubbing process securely removes any and all residual data that is resident on a drive. The risk of not scrubbing the drive is that another user could potentially get access to the data.
The issue only affected users of the Digital Ocean API (application programming interface) who were programmatically creating and destroying new virtual instances (referred to as “droplets” by Digital Ocean).