1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Zapier tells customers their data may have been accessed

    From TechnologyDaily@1337:1/100 to All on Mon Mar 3 16:15:08 2025
    Zapier tells customers their data may have been accessed

    Date:
    Mon, 03 Mar 2025 16:12:00 +0000

    Description:
    Sensitive Zapier data was "inadvertently copied to the repositories" for debugging purposes.

    FULL STORY ======================================================================Zapier sends data breach notification letter to affected customers It says a threat actor a 2FA misconfiguration to breach an account They accessed some
    sensitive customer information

    Popular automation tool Zapier has suffered a cyberattack which saw the company lose sensitive customer information.

    News of the attack was reported by The Verge , which obtained a copy of the breach notification letter the companys Head of Security, Zeeshan Khadim,
    sent to affected customers.

    According to the letter, an unnamed threat actor abused a two-factor authentication ( 2FA ) misconfiguration on an employees account to gain unauthorized access to certain Zapier code repositories. Training AI

    Normally, this would not impact our customers, the letter further states, but after auditing the contents of the repositories, Zapier found some customer information that was inadvertently copied to the repositories for debugging purposes.

    These were isolated incidents, the security boss said. We dont know exactly how many people were affected, or what kind of information was stolen. We
    know what wasnt, though: This incident did not affect any Zapier database, infrastructure or production, authentication, or payment systems.

    Once Zapier was aware of the incident, it secured access to the repositories and invalidated the compromised account. The company also generated a secure link on which affected customers can see a copy of their impacted data.

    Please review this data, and take appropriate actions, which may include rotating any valid plain text authentication tokens that may have been used
    in places such as code, or webhook step configuration which were found in the impacted data, the letter further states, suggesting what information may
    have been taken. Note that your Zap/App authentication tokens were not impacted by this incident. We also recommend that you review security
    settings on your Zapier account and your other online apps, including activating 2FA where available.

    The company is now running a thorough audit and internal process remediation to prevent similar incidents from happening in the future, as well. You might also like Hackers steal over $1bn in one of the biggest crypto thefts ever We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/zapier-tells-customers-their-data-may-h ave-been-accessed


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)