Howdy,
We’re writing to tell you of a safety incident. On account of a two-factor authentication (2FA) misconfiguration on an worker’s account, an unauthorized consumer gained entry to sure Zapier code repositories. Usually, this could not affect our clients. Out of an abundance of warning, we audited the contents of the repositories, and we discovered that in remoted situations, sure buyer info had been inadvertently copied to the repositories for debugging functions.
We turned conscious of unauthorized entry to the affected repositories on Thursday, February 27, 2025 (2025-02-27 09:38:48 UTC). As soon as we turned conscious of the difficulty, we instantly secured entry to the repositories and invalidated the unauthorized consumer’s entry. This incident didn’t have an effect on any Zapier database, infrastructure or manufacturing, authentication, or fee techniques.
In our audit, we discovered {that a} subset of your knowledge was included in a repository and will have been accessed by the unauthorized consumer. Here’s a safe hyperlink so that you can entry a replica of your impacted knowledge.
Please evaluate this knowledge, and take acceptable actions, which can embody rotating any legitimate plain textual content authentication tokens that will have been utilized in locations comparable to code, or webhook step configuration which have been discovered within the impacted knowledge. Notice that your Zap/App authentication tokens weren’t impacted by this incident. We additionally suggest that you simply evaluate safety settings in your Zapier account and your different on-line apps, together with activating 2FA the place out there.
We’re conducting a radical audit and remediation of our inner processes to make sure this doesn’t happen once more for you or different clients.
If in case you have any questions, please be at liberty to achieve out by utilizing our contact kind at https://zapier.com/app/get-help or by responding to this electronic mail. We’re standing by for any further help you would possibly want.
Sincerely,
Zeeshan Khadim
Head of Safety