Zapier has reported a security breach involving unauthorized access to its code repositories, raising concerns about potential exposure of customer data. The company discovered the incident on February 27, 2025, when it identified that an unauthorized user gained access due to a misconfiguration in two-factor authentication (2FA) on an employee’s account.
During an audit following the breach, Zapier found that some customer information had been inadvertently copied to the repositories for debugging purposes. Although the company stated that the incident did not affect its main databases, infrastructure, or payment systems, it acknowledged that isolated instances of customer data may have been accessed.
In response to the breach, Zapier has taken immediate action to secure the repositories and invalidate the unauthorized user’s access. The company is now conducting a thorough review of its security processes to prevent similar incidents in the future.
Zapier’s platform enables users to automate workflows across different applications, which can involve handling sensitive information. The company recommends that users review their security settings and activate 2FA where possible to enhance account protection.
For more details, visit the original article on The Verge.