Zapier says someone broke into its code repositories and may have accessed customer data

Hello, We are writing to inform you of a security incident. Due to a two-factor authentication (2FA) misconfiguration on an employee’s account, an unauthorized user gained access to certain Zapier code repositories. Normally, this would not impact our customers. Out of an abundance of caution, we audited the contents of the repositories, and we found that in isolated instances, certain customer information had been inadvertently copied to the repositories for debugging purposes. We became aware of unauthorized access to the affected repositories on Thursday, February 27, 2025 (2025-02-27 09:38:48 UTC). Once we became aware of the issue, we immediately secured access to the repositories and invalidated the unauthorized user’s access. This incident did not affect any Zapier database, infrastructure or production, authentication, or payment systems. In our audit, we found that a subset of your data was included in a repository and may have been accessed by the unauthorized user. Here i ... Read full article.