Typeform’s founder sent an email to all users 14 hours ago regarding a data breach on their survey platform. They discovered that an unknown third party had gained access to their server and downloaded information, including data that respondents provided in their survey forms.
No Typeform customer information was leaked, and this has been confirmed by their engineering team.
Here’s the data breach message from Typeform:
Hello,
My name is David Okuniev, and along with my co-founder and joint-CEO, Robert Muñoz, we’re writing to inform you that a data security incident has occurred within the Typeform platform. The incident compromised some of our customer data, and some data from your respondents.
On June 27, 2018, our engineering team discovered that an unknown third party gained access to our server and downloaded certain information, including some of the data your respondents provided via Typeform. We responded immediately and closed the source of entry. Our engineers are closely monitoring our platform, and we’ve found no evidence of any recurrence of the incident.
To date, our investigation has revealed that your account was compromised. Only some of the data provided by your respondents prior to May 3, 2018 was affected.
As a data collection company and service provider, maintaining the security and privacy of our customers’ data is our top priority. As part of our rapid response to this incident, our team took a variety of measures to ensure the ongoing security of your data. Because each customer’s typeforms are different, the data downloaded during this incident will vary by customer. You may want to communicate with your respondents to inform them of this incident. Please see the Q&A below for more info about this.
In addition to the steps taken to date, our team have launched a comprehensive review of our system security to identify ways we can further increase our security measures to prevent future incidents. After the review, our system will be more secure than ever before.
We take security matters seriously, and we sincerely regret that this incident occurred.
Potentially compromised data in the Typeform breach:

| Data type | Were you compromised? |
| --- | --- |
| Personal Account info | No |
| Results (answers from typeforms) | Yes |
| # of typeforms affected | 1 |
What do you mean by “compromised”?
In this case, “compromised” means that the attacker obtained access to your data and downloaded it from our servers. Unfortunately, this means that the attacker has partial data you collected prior to May 3rd.
How does this impact me?
All the responses you received prior to May 3rd from your respondents in the typeforms listed below are compromised.
What data was compromised?
The results accessed were from a partial backup dated May 3rd, 2018. As a result, all data collected since May 3rd 2018 are not compromised. Compromised typeforms are listed below.
What data is safe (i.e. not compromised by this incident)?
- Your subscription payment info is safe and secure (credit card, address, etc).
- Your typeform password is safe.
- The data you have collected since May 3rd is safe.
- If you collected payments via our Stripe integration, all of your audience’s payment details are safe.
What should I do about this?
If you received names and email data through any of your typeforms, you might want to let them know about the breach. Typeform prepared a communication template which you can use as part of your communication strategy:
Dear [name],
We just received a message that Typeform had a data breach, which affected one (or more) of the typeforms we sent out. Typeform reports that an external attacker managed to get unauthorized access to respondent data and downloaded it.
The good news is that Typeform responded immediately and fixed the source of the breach to prevent any further intrusion.
If your name and email were downloaded by the attacker, then we recommend that you watch out for potential phishing scams, or spam emails. [If you collected payments via Typeform, you could add: Any credit card information you shared through Stripe is safe and secure.]
If you have any other questions, feel free to contact us.
Have they corrected the problem?
They immediately initiated a comprehensive review of their system security, identified the source of the breach, and addressed that security vulnerability. As a data collection company, maintaining the security and privacy of their customers’ data is their top priority. They will continue to take significant measures to prevent this type of situation from happening in the future, including a full-scale review of their security.
Could this happen again?
They are taking substantial measures to prevent this from happening again, including using a cross-functional team to review their system and the security measures they employ.
Why weren’t you notified sooner?
Before notifying you, it was important for them to feel comfortable that the vulnerability was resolved to prevent another attack. Since the attack, they have been performing a comprehensive forensic investigation. They launched this communication as soon as possible after feeling comfortable that their platform is now secure.
Can you tell me exactly what data was compromised?
Yes. Please scroll down for the details.
Can I trust Typeform with my data going forward?
It is understandable that you might question the trust you put in Typeform. They would like to assure you that they have taken data security and data privacy very seriously, and they are doing everything they can to take actions that will rebuild the trust you placed in them.
They are taking security measures to prevent any possible future occurrence.
In the short term, they brought in forensic security experts who have helped them review the breach and are helping them look into all other aspects where they can improve the security of their platform. Regarding this specific incident, they have identified the vulnerability and implemented measures to prevent this type of attack.
Going forward, they will continue to scale their security team to ensure they do everything to keep your data safe.
[UPDATE 2nd July 2018]
All affected Typeform users will be able to download all of their compromised data. Typeform worked over the weekend to create a secure solution that makes it easier for affected users to download all of their data that was compromised. This should help users better assess whether they need to communicate this to any third parties, and if so, which ones.
P.S. Did you use Typeform for your online survey marketing or campaign recently? Please let me know by contacting me here.