Zapier informed customers on Friday that an “unauthorized user†accessed “certain Zapier code repositories†and may have gained access to customer information as a result. The customer data had been “inadvertently copied to the repositories for debugging purposes,†according to an email obtained by The Verge.

The company says it became aware of the unauthorized access on Thursday. When it did, the company “immediately secured access to the repositories and invalidated the unauthorized user’s access,†the email says. Zapier says that the incident “did not affect any Zapier database, infrastructure or production, authentication, or payment systems.â€

The code repos shouldn’t have included customer data. But after auditing them, Zapier discovered that some information had been “inadvertently†copied over. Zapier’s platform allows users to create automations that work across other companies’ apps and services, potentially putting it in the middle of a lot of sensitive information.

The hacker was able to access the repositories because of a “two-factor authentication (2FA) misconfiguration on an employee’s account.†The company says it is now conduct …

Read the full story at The Verge.

This post was originally published on this site