Whats up,
We write to tell you of a safety incident. Because of the flawed two -factors authentication configuration (2FA) on an worker’s account, an unauthorized person has achieved entry to sure Zapier code deposits. Usually, this is able to not have an effect on our clients. From an abundance of warning, we audited the contents of the deposits and located that, in remoted circumstances, sure details about the shoppers was inattention to deposits for troubleshooting functions.
I grew to become conscious of the unauthorized entry to the affected warehouses on Thursday, February 27, 2025 (2025-02-27 09:38:48 UTC). As soon as I grew to become conscious of the issue, I instantly supplied entry to warehouses and invalidated the unauthorized person entry. This incident has not affected any zapier, infrastructure or manufacturing, authentication or fee programs.
In our audit, we discovered subset of your information was included in a warehouse and should have been accessed by the unauthorized person. Here’s a protected hyperlink to entry a duplicate of your affected information.
Please look at this information and take applicable actions, which can embody rotating any legitimate easy textual content authentication tokens that would have been utilized in locations corresponding to code or webhook step configuration, which have been discovered within the affected information. Be aware that your ZAP/App authentication chips haven’t been affected by this incident. We additionally suggest analyzing the safety settings in your Zapier account and on the opposite on-line purposes, together with activating 2FA the place it’s out there.
We lead an audit and the thorough treatment of our inside processes to make sure that this is not going to seem once more for you or different clients.
When you’ve got any questions, please don’t hesitate to contact our contact kind at https://zapier.com/app/get-help or responding to this e-mail. We’re standing for any further help you want.
Honest,
Zeeshan Khadim
Head of safety