No person or organization is truly immune to data breaches. Typeform, a popular software company based in Spain that specializes in online forms and surveys, has suffered a security breach that resulted in the theft of data collected by its customers.
According to a notice posted on its website, Typeform identified the breach on June 27 and addressed its cause roughly half an hour later. The company says an attacker managed to download a backup file dated May 3 from one of its servers.
Typeform confirmed that it patched the issue within half an hour of identifying the intrusion and emailed all the affected users, warning them to watch out for potential phishing scams or spam emails.
The company did not disclose any details about the vulnerability that was exploited by hackers to gain access to its servers, choosing to mention only what isn’t at risk, namely subscription payment data, Typeform account passwords, any payments collected via Stripe integration, and audience payment data.
Typeform said affected account holders would be informed by email. The Tasmanian Electoral Commission, British prestige brand Fortnum & Mason, digital bank Monzo, and food maker Birdseye have been among those issuing their own alerts, but this is only a fraction of the company’s business customer base, which runs to thousands.
What to do?
If you’re a business, Typeform has helpfully provided an apology email to send to customers, although large brands will likely decide to write their own. It does add this interesting detail:
If your name and email was downloaded by the attacker, then we recommend that you watch out for potential phishing scams, or spam emails.
This brings us to the focal point of this breach – the unknown number of people who have never heard of Typeform, nor realised their data was being stored by them, but who might receive alert emails from the business that used it.
If you’re unlucky enough to be one of these, it seems the risk is, as stated, receiving phishing scams that might use personal data from the breach to try to lure you in.
We also advise you to be mindful and careful about what you click on.