Hello,
We are writing to tell you of a safety incident. Due to a two-factor authentication (2FA) misconfiguration on an worker’s account, an unauthorized consumer gained entry to sure Zapier code repositories. Normally, this is able to not affect our clients. Out of an abundance of warning, we audited the contents of the repositories, and we discovered that in remoted cases, sure buyer data had been inadvertently copied to the repositories for debugging functions.
We grew to become conscious of unauthorized entry to the affected repositories on Thursday, February 27, 2025 (2025-02-27 09:38:48 UTC). Once we grew to become conscious of the problem, we instantly secured entry to the repositories and invalidated the unauthorized consumer’s entry. This incident didn’t have an effect on any Zapier database, infrastructure or manufacturing, authentication, or cost methods.
In our audit, we discovered {that a} subset of your information was included in a repository and should have been accessed by the unauthorized consumer. Here is a safe hyperlink so that you can entry a duplicate of your impacted information.
Please evaluate this information, and take acceptable actions, which can embody rotating any legitimate plain textual content authentication tokens that will have been utilized in locations akin to code, or webhook step configuration which had been discovered within the impacted information. Note that your Zap/App authentication tokens weren’t impacted by this incident. We additionally advocate that you just evaluate safety settings in your Zapier account and your different on-line apps, together with activating 2FA the place accessible.
We are conducting an intensive audit and remediation of our inside processes to make sure this doesn’t happen once more for you or different clients.
If you have got any questions, please be at liberty to succeed in out by utilizing our contact type at or by responding to this e mail. We are standing by for any further help you may want.
Sincerely,
Zeeshan Khadim
Head of Security
