
Typeform Data Breach - cityzen
Just received this email from the Typeform founders:<p>-----------------------<p>Hello,<p>My name is David Okuniev, and along with my co-founder and joint-CEO, Robert Muñoz, we’re writing to inform you that a data security incident has occurred within the Typeform platform.The incident compromised some of our customer data, and some data from your respondents.<p>On June 27, 2018, our engineering team discovered that an unknown third party gained access to our server and downloaded certain information, including some of the data your respondents provided via Typeform.  We responded immediately and closed the source of entry. Our engineers are closely monitoring our platform, and we’ve found no evidence of any recurrence of the incident.<p>To date, our investigation has revealed that your account was compromised. Only some of the data provided by your respondents prior to May 3, 2018 was affected.<p>As a data collection company and service provider, maintaining the security and privacy of our customers’ data is our top priority. As part of our rapid response to this incident, our team took a variety of measures to ensure the ongoing security of your data. Because each customer’s typeforms are different, the data downloaded during this incident will vary by customer. You may want to communicate with your respondents to inform them of this incident. Please see the Q&amp;A below for more info about this.<p>In addition to the steps taken to date, our team have launched a comprehensive review of our system security to identify ways we can further increase our security measures to prevent future incidents. After the review, our system will be more secure than ever before.<p>We take security matters seriously, and we sincerely regret that this incident occurred.<p>-----------------------<p>I guess this is just to be expected at this point.
======
laurex
As a researcher at a startup, I have to rely on 3rd party tools at least to
some extent to collect information (like surveys, screeners, etc). Luckily the
data I collect isn't super sensitive, but my guess is that most small
companies are collecting names, phone numbers, and email at least and storing
them in a 3rd party platform. I imagine most small companies rely on 3rd
parties like Google, Airtable, Salesforce, etc. to store at least some data
about users. But I don't want to rely on these insecure 3rd parties to store
this data. Maybe an opportunity for SaaS to move into a different direction
where there's a front-end portal but actually don't store your data? Most
small companies don't have developer resources to make secure surveys in-
house.

------
dharma1
Last time I use Typeform. Can't trust them for anything except some hobbyist
forms.

Also - they haven't published this anywhere online

------
Jommi
Got the same. This is huge.

