Data Breach

The popular online survey software Typeform suffered a security breach

Typeform, the popular online survey platform, has suffered a data breach that exposed partial data of some users, no payment card data was stolen.

Typeform, the popular online survey platform, is the last victim of a data breach. Typeform software is widely adopted by businesses worldwide to easily arrange surveys, it allows easy creation of interfaces to collect user data.

The company has confirmed the security breach that exposed partial data of some users.

“On June 27, 2018, our engineering team became aware that an unknown third party gained access to our server and downloaded certain information. As a result of this breach, some data was compromised. ” reads the data breach notification published by the company.

According to Typeform, no payment card data or password information for the website had been exposed in the security breach.

The Spanish firm discovered the intrusion on June 27th, and immediately launched an internal investigation.

The experts discovered that attackers accessed company servers and downloaded a partial data backups for surveys conducted before May 3rd, 2018.

The company identified the vulnerability exploited by the hackers and patched it a few hours then it notified the incident to the affected users.

At the time there is no information about the flaw exploited by the hackers, the company highlighted that even if customers collected payments via Typeform’s Stripe integration, the payment details they have corrected are safe.

One of Typeform’s customers, the digital mobile bank Monzo, confirmed confirmed that personal data of about 20,000 people are likely to have been exposed due to the security breach.

“Our initial investigations suggest that some personal data of about 20,000 people is likely to have been included in the breach.” reads the security advisory published by Monzo.

“For the vast majority of people, this was just their email address. For a much smaller proportion of others, this may have included other data like their Twitter username or postcode. We’ve published a full breakdown at the bottom of this post,”

Unfortunately, the number of data breaches continue to increase and a growing number of personal details are flooding the black marketplaces.

Yesterday the sportswear company Adidas announced potential data breach that affected millions of its U.S. customers while the global entertainment ticketing service Ticketmaster suffered the same problem.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – hacking, Data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.