Sunday, 2 November 2025

Security breach detected in Zapier’s code repositories

Zapier confirmed a security breach that exposed customer data after unauthorized access to its code repositories. Here's what you need to know.

Zapier, a popular platform that allows users to create automation across various apps and services, informed its customers on Friday about a security breach involving its code repositories. The company revealed that an “unauthorized user” had accessed specific code repositories and may have gained access to customer data. This was discovered after a detailed audit uncovered that customer data had been “inadvertently copied” to these repositories during debugging processes.

How the breach occurred

Zapier became aware of the breach on Thursday, February 27, 2025, after detecting unauthorized access to the affected repositories. According to an email sent to customers, the breach occurred due to a misconfiguration in the two-factor authentication (2FA) settings of an employee’s account. This allowed the unauthorized user to gain access to the repositories.

Once the breach was detected, Zapier quickly secured the affected repositories, invalidating the unauthorized user’s access. The company assured customers that the breach did not affect its core systems, including databases, payment systems, or authentication processes.

The company emphasized that the code repositories, which typically should not contain customer data, had mistakenly stored some information. Although this incident was isolated, Zapier immediately investigated the issue and secured customer data. It was revealed that some customer information may have been accessed due to this error.

What you need to know and actions to take

Zapier’s team is reviewing internal processes to ensure such incidents do not happen again. While the company assured customers that the breach did not affect authentication tokens or payment systems, it advised users to take precautionary measures. Customers are encouraged to rotate any authentication tokens that might have been exposed and to review the security settings of their Zapier account, especially by enabling 2FA where available.

Additionally, Zapier provided customers with a secure link to access any impacted data, allowing them to review the information and take necessary actions to safeguard their accounts. The company has pledged to continue its audit and improve security measures.

For further support or inquiries, Zapier customers should contact the company through the contact form or reply directly to the email sent regarding the incident.

Company response and future plans

Zapier’s Head of Security, Zeeshan Khadim, signed the email, reassuring customers that the company is taking all necessary steps to prevent future security breaches. A full audit of the company’s internal processes is underway, ensuring that similar issues do not affect users again. The company’s swift response demonstrates its commitment to securing customer data and reinforcing trust in its platform.

While this incident may have caused concern, Zapier’s transparency and quick actions should reassure its customers that the issue is being taken seriously and remedial steps are being taken.
