Zapier reports their code repositories breached, potentially accessed customer data
Take action: If you are using Zapier, reach out to the company to confirm you are not part of the breached companies in this incident.
Learn More
Zapier is reporting an unauthorized access to its code repositories, potentially exposing customer information.
The breach, which the company discovered on Thursday, February 27, 2025, resulted from a two-factor authentication (2FA) misconfiguration on an employee's account.
According to an email sent to affected customers and obtained by The Verge, Zapier identified that an unauthorized user gained access to "certain Zapier code repositories." While these repositories should not normally contain customer information, the company's subsequent audit revealed that "in isolated instances, certain customer information had been inadvertently copied to the repositories for debugging purposes."
Zapier claims that they "immediately secured access to the repositories and invalidated the unauthorized user's access." The company has assured customers that the incident "did not affect any Zapier database, infrastructure or production, authentication, or payment systems."
Zapier claims that customers' Zap/App authentication tokens were not compromised in this incident. The company has stated it is "conducting a thorough audit and remediation of our internal processes to ensure this does not occur again."
The number of affected customers has not been disclosed, nor has the company provided specific details about what types of customer information may have been exposed or the potential value of the compromised data.
The company has provided affected customers with secure links to access copies of their impacted data. The rest of the customers can inquire whether they were impacted via https://zapier.com/app/get-help
