Typeform Breach Exposed User Data

Following the trend of Ticketmaster and Adidas data breach incidents, another major firm suffered a cyber attack. This time, the victim is data collection firm Typeform. However, this Typeform data breach exposed only partial data of users, whom they informed later on.  The company identified the issue and had their system back within 30 minutes.

Typeform Data Breach Leaked Partial Data

On June 29, 2018, the company confirmed it suffered a cyber attack that it later fixed within 30 minutes. Reportedly, the Typeform data breach exposed data of some of its users to the hackers. The company identified the incident after observing unauthorized access to its server on June 27th. After resolving the matter, they uploaded an official notification on their website.

“On June 27, 2018, our engineering team became aware that an unknown third party gained access to our server and downloaded certain information.”

As explained in their statement, the hackers may have accessed the data before May 3, 2018, from a partial backup. Therefore, the attack leaked only some of the users’ data. The company quickly informed the affectees about the breach via email. Those who haven’t received the email remain safe from the attack. They state on their website,

“If you received an email from us, all the responses you received prior to May 3rd could be compromised.”

Typeform Contained The Breach

After noticing the breach, Typeform began forensic investigations about the matter. They also fixed the security vulnerability to prevent such an incidence reoccurring.

“We’ve since been performing a full forensic investigation of the incident to be certain that this cannot happen again.  The risk of reoccurrence is now deemed low enough to send out this communication.”

Fortunately, the breached data does not include any financial details, nor does it include users’ passwords. The company further assures that they employ all possible measures to maintain the security of their users.

“We’d like to assure you that we take Data Security and Data Privacy very seriously, and we’re doing everything we can to take actions that will rebuild the trust you placed in us.”

Typeform has not given any explicit number of affected users. Yet, Monzo mentioned the count in its official blog to be 20,000. After the incident, Monzo uploaded this notice from the CEO, Tom Blomfield to their users. (Recall that Monzo also uploaded a similar blog regarding the Ticketmaster data breach, explaining how they already suspected the incident two months ago.)

“Our initial investigations suggest that some personal data of about 20,000 people is likely to have been included in the breach. For the vast majority of people, this was just their email address. For a much smaller proportion of others, this may have included other data like their Twitter username or postcode,” reads Monzo’s blog post.

Moreover, Monzo also declares ending their relationship with Typeform unless it wins their trust back.

“We’re also ending our contract with Typeform, at least until they can prove they’ve improved their security, and have deleted all customer data from their servers.”

Presently, this is all we knew. Let’s see what investigations reveal to us in future about this Typeform data breach.

Related posts

NachoVPN Attack Risks Corporate VPN Clients

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites