Forum Academy Marketplace Showcase Pricing Features

TypeForm was comprised - data breach including Auth information

Hi everyone

If you are using TypeForm as an integration via a plugin or API I would advise changing your Authentication key. They were hacked and data was downloaded.

I received this today/ last night.

Fortunately I decided not to incorporate into my app!

See below:

My name is David Okuniev, and along with my co-founder and joint-CEO, Robert Muñoz, we’re writing to inform you that a data security incident has occurred within Typeform. The incident involved the data provided by your respondents and customers to Typeform.

On June 27, 2018, our engineering team became aware that an unknown third party gained access to our server and downloaded certain information, including some of the data your respondents provided via Typeform We responded immediately and closed the source of entry. Our engineers are closely monitoring our platform, and we have found no evidence of any recurrence of the incident.

To date, our investigation has revealed that your account was compromised; only some of the data provided by your respondents prior to May 3, 2018 was affected. In some cases, API Keys, access tokens, OAuth2 applications credentials were accessed. In some cases, unique accounts may have compromised webhooks.

As a data collection company and service provider, maintaining the security and privacy of our customers’ data is our top priority. As part of our rapid response to this incident, our team took a variety of measures to ensure the ongoing security of your data. In addition, we recommend you promptly take the following steps:

If you integrated your account with a third-party application, you’ll have to reconnect. We’ve attached a set of instructions so that you can reactivate and secure your apps and integrations with Typeform.
If you created an application or an integration with Typeform you’ll need to reconfigure it.
Stay alert for suspicious webhooks under your account.
Because each customers’ typeforms are different, the data downloaded during this incident will vary by customer. You may want to communicate with your respondents to inform them of this incident.

In addition to the steps taken to date, our team have launched a comprehensive review of our system security to identify ways we can further increase our security measures to prevent future incidents. After the review, our system will be more secure than ever before.

We take security matters seriously, and we sincerely regret that this incident occurred.

2 Likes