This is directly related to this issue at GitHub:
Digital Ocean API is not told to scrub (securely delete) VM on destroy.
The co-founder of DigitalOcean has “responded” to it in a blog post titled:
Transparency Regarding Data Security, where he claims the following:
At no time was customer data “leaked” between accounts. This would require that a user not scrub their volume after destroying their server; in this instance data would be recoverable and should be considered not sensitive.
In the blog post, DigitalOcean co-founder Moisey claims that no customer data had been leaked between accounts. However, according to a comment made on their blog, that’s a lie.
Mr. Moisey hasn’t responded to that comment. It’ll be interesting watching this unfold…