A security incident at Zapier was triggered by a misconfiguration in two-factor authentication (2FA), allowing unauthorized access to code repositories. Although sensitive customer data was only available in isolated instances for debugging purposes, the company promptly secured these accesses and undertook a thorough audit. The incident, dated February 27, 2025, had no impact on production systems or authentication and payment infrastructures. Customers are advised to review their data and security protocols, including rotating any authentication tokens and activating 2FA for better protection against potential breaches.
This incident did not affect any Zapier database, infrastructure or production, authentication, or payment systems.
We became aware of unauthorized access to the affected repositories on Thursday, February 27, 2025.
We are conducting a thorough audit and remediation of our internal processes to ensure this does not occur again for you or other customers.
Out of an abundance of caution, we audited the contents of the repositories, and we found that in isolated instances, certain customer information had been inadvertently copied.
Collection
[
|
...
]