Whats up,
We’re writing to tell you of a safety incident. Attributable to a two-factor authentication (2FA) misconfiguration on an worker’s account, an unauthorized person gained entry to sure Zapier code repositories. Usually, this could not affect our clients. Out of an abundance of warning, we audited the contents of the repositories, and we discovered that in remoted situations, sure buyer data had been inadvertently copied to the repositories for debugging functions.
We turned conscious of unauthorized entry to the affected repositories on Thursday, February 27, 2025 (2025-02-27 09:38:48 UTC). As soon as we turned conscious of the difficulty, we instantly secured entry to the repositories and invalidated the unauthorized person’s entry. This incident didn’t have an effect on any Zapier database, infrastructure or manufacturing, authentication, or cost programs.
In our audit, we discovered {that a} subset of your knowledge was included in a repository and will have been accessed by the unauthorized person. Here’s a safe hyperlink so that you can entry a replica of your impacted knowledge.
Please evaluation this knowledge, and take acceptable actions, which can embrace rotating any legitimate plain textual content authentication tokens that will have been utilized in locations reminiscent of code, or webhook step configuration which had been discovered within the impacted knowledge. Word that your Zap/App authentication tokens weren’t impacted by this incident. We additionally suggest that you simply evaluation safety settings in your Zapier account and your different on-line apps, together with activating 2FA the place accessible.
We’re conducting a radical audit and remediation of our inner processes to make sure this doesn’t happen once more for you or different clients.
In case you have any questions, please be happy to achieve out through the use of our contact kind at https://zapier.com/app/get-help or by responding to this e mail. We’re standing by for any additional help you may want.
Sincerely,
Zeeshan Khadim
Head of Safety