- Zapier sends a data breach notification letter to affected customers
- It says a threat actor abused a 2FA misconfiguration to breach an account
- They accessed certain sensitive customer information
Popular automation tool Zapier has suffered a cyberattack that saw the company lose sensitive customer information.
News of the attack was reported by The Verge, which obtained a copy of the breach notification letter that the company's head of security, Zeeshan Khadim, sent to affected customers.
According to the letter, an unnamed threat actor abused a "two-factor authentication (2FA) misconfiguration" on an employee's account to gain unauthorized access to certain Zapier code repositories.
"Normally, this would not have an impact on our customers," the letter said, but after auditing the contents of the repositories, Zapier found customer information that had been "inadvertently copied into the repositories for debugging purposes".
These are "isolated incidents," the head of security said. We do not know exactly how many people were affected, or what type of information was stolen. We do know what was not affected, however: "This incident did not affect any Zapier infrastructure or production, authentication or payment systems."
Once Zapier became aware of the incident, it secured access to the repositories and invalidated the compromised account. The company has also generated a secure link where affected customers can view a copy of their affected data.
"Please review this data and take appropriate measures, which may include rotating any valid plain-text authentication tokens that may have been used in places such as the code or scenario configuration found in the affected data," the letter said, hinting at which information may have been taken. "Note that your ZAP / APT authentication tokens were not affected by this incident. We also recommend that you review the security settings on your Zapier account and other online applications, including enabling 2FA, if applicable."
The company is now conducting a full audit and remediation of internal processes to prevent similar incidents from occurring in the future.