We have got to know about another data breach today. Typeform, an online survey and form building company announced on 29 June 2018 about Typeform Data Breach after two days of its occurrence. The actual incident happened on 27 June 2018.
What happened in Typeform Data Breach
In Typeform Data Breach, an unknown attacker downloaded a backup file containing sensitive customer information. The backup file contained data gathered by Typeform customers up until May 3, 2018. Typeform customers have collected this data using online surveys.
Typeform has published formal announcement on their website:
On June 27 2018, our engineering team became aware that an unknown third party gained access to our server and downloaded certain information. As a result of this breach, some data was compromised. We responded immediately and fixed the source of the breach to prevent any further intrusion.
You can read full official announcement on Typeform Data Hack here. Typeform data breach didn’t include any Typeform’s passwords and user payment card information.
Typeform Data Breach plugged in 30 minutes
The company said the incident happened after the attacker exploited a vulnerability. Typeform didn’t reveal what vulnerability in this exploitation. But, they did say that they plugged the security hole and server flaw plugged in 30 minutes
Typeform said its employees became aware of the breach on Wednesday, June 27, at 14:00 CET. It took 30 minutes for them to secure the affected server. The company made a formal announcement late Friday night two days later of Typeform Data Breach. Company caters to some pretty big customers.
Typeform is a Barcelona-based online software as a service (SaaS) company. It specializes in online form building and online surveys. Its main software creates dynamic forms based on user needs.
According to Wikipedia, big companies like Apple, Airbnb, Uber and Nike use Typeform’s Service. Typeform produces millions of forms every month. The company’s website also lists Trello, HubSpot, Indiegogo, Forbes, and Freshdesk.
Typeform also said that only customers who received the notification emails were affected. Backup file compromised only contained data for selected few customers and not all.
Typeform Data Breach disclosure by other companies
Breach Companies using Typeform services also started announcing about Typeform Data Breach. At the time of writing this article, these companies include Monzo and NewYork Radio.
You can read Monzo’s Official Announcement here.
Payment provider Monzo has revealed that data for about 20,000 users who filled surveys on its site had been exposed.
New York Public Radio informed their customers via notification emails. This email mentions:
New York Public Radio was informed today that Typeform, a partner we use to administer online surveys, had a data breach. Typeform reports that an external attacker accessed survey data from some of their customers. This includes New York Public Radio, which further includes WNYC, WNYC Studios, WQXR and Gothamist).
New York Public Radio mentioned in the notification email to their customers that following surveys are impacted as part of Typeform Data Breach:
- Privacy Personality Quiz
- The Baracket
- Member Center Usability Survey
- Do Your Parents Post Photos of You?
- N-of-1 ALL OUTCOMES
- Voting Block
- Health Channel Research
- WNYC + Gothamist
- Taxonomy Recruiting
- DSM: What’s confusing about being a man?
- WNYC Paid Internship Program Application
- The War in Iraq is Over