Cyber incident potentially compromises Zapier customer data

U.S. multinational automation platform Zapier has disclosed having some of its code repositories breached in a cybersecurity incident involving the exploitation of a two-factor authentication misconfiguration, which exposed certain customer details that were unintentionally copied to the repositories for debugging, reports The Verge.

Aside from moving to secure the repositories, Zapier also immediately revoked the unauthorized user's access following the discovery of the incident, said Zapier Head of Security Zeeshan Khadim in a notification letter emphasizing that its infrastructure, production, payment, or authentication systems, as well as its databases have not been infiltrated as a result of the breach. While such an intrusion has not affected Zap/App authentication tokens, users have been urged by Khadim to rotate all valid plain text authentication tokens leveraged in webhook step configuration or code, as well as evaluate the security settings of not only their Zapier accounts but also their other online applications.