Hello,
We are writing to inform you of a security incident. Due to a two-factor authentication (2FA) misconfiguration on an employee’s account, an unauthorized user gained access to certain Zapier code repositories. Normally, this would not impact our customers. Out of an abundance of caution, we audited the contents of the repositories, and we found that in isolated instances, certain customer information had been inadvertently copied to the repositories for debugging purposes.
We became aware of unauthorized access to the affected repositories on Thursday, February 27, 2025 (2025-02-27 09:38:48 UTC). Once we became aware of the issue, we immediately secured access to the repositories and invalidated the unauthorized user’s access. This incident did not affect any Zapier database, infrastructure or production, authentication, or payment systems.
In our audit, we found that a subset of your data was included in a repository and may have been accessed by the unauthorized user. Here is a secure link for you to access a copy of your impacted data.
Please review this data, and take appropriate actions, which may include rotating any valid plain text authentication tokens that may have been used in places such as code, or webhook step configuration which were found in the impacted data. Note that your Zap/App authentication tokens were not impacted by this incident. We also recommend that you review security settings on your Zapier account and your other online apps, including activating 2FA where available.
We are conducting a thorough audit and remediation of our internal processes to ensure this does not occur again for you or other customers.
If you have any questions, please feel free to reach out by using our contact form at https://zapier.com/app/get-help or by responding to this email. We are standing by for any extra assistance you might need.
Sincerely,
Zeeshan Khadim
Head of Security
[Notigroup Newsroom in collaboration with other media outlets, with information from the following sources]
