
Cyber Incident Potentially Compromises Zapier Customer Data


U.S. multinational automation platform Zapier has disclosed that some of its code repositories were breached in a cybersecurity incident that exploited a two-factor authentication (2FA) misconfiguration, exposing certain customer details that had been unintentionally copied to the repositories for debugging, The Verge reports.

Aside from moving to secure the repositories, Zapier also immediately revoked the unauthorized user's access following the discovery of the incident, said Zeeshan Khadim, head of security at Zapier. In a notification letter, Khadim emphasized that the company's infrastructure, production, payment, or authentication systems, as well as its databases, have not been infiltrated as a result of the breach.

Although the intrusion has not affected Zap/App authentication tokens, Khadim urged users to rotate all valid plain-text authentication tokens used in webhook step configuration or code, and to evaluate the security settings of not only their Zapier accounts but also their other online applications.
