The popular online survey software Typeform suffered a security breach
30.6.18 securityaffairs Incindent

Typeform, the popular online survey platform, has suffered a data breach that exposed partial data of some users, no payment card data was stolen.

Typeform, the popular online survey platform, is the last victim of a data breach. Typeform software is widely adopted by businesses worldwide to easily arrange surveys, it allows easy creation of interfaces to collect user data.

The company has confirmed the security breach that exposed partial data of some users.

“On June 27, 18, our engineering team became aware that an unknown third party gained access to our server and downloaded certain information. As a result of this breach, some data was compromised. ” reads the data breach notification published by the company.

According to Typeform, no payment card data or password information for the website had been exposed in the security breach.

The Spanish firm discovered the intrusion on June 27th, and immediately launched an internal investigation.

The experts discovered that attackers accessed company servers and downloaded a partial data backups for surveys conducted before May 3rd, 18.

The company identified the vulnerability exploited by the hackers and patched it a few hours then it notified the incident to the affected users.

At the time there is no information about the flaw exploited by the hackers, the company highlighted that even if customers collected payments via Typeform’s Stripe integration, the payment details they have corrected are safe.


One of Typeform’s customers, the digital mobile bank Monzo, confirmed confirmed that personal data of about 20,000 people are likely to have been exposed due to the security breach.

“Our initial investigations suggest that some personal data of about 20,000 people is likely to have been included in the breach.” reads the security advisory published by Monzo.

“For the vast majority of people, this was just their email address. For a much smaller proportion of others, this may have included other data like their Twitter username or postcode. We’ve published a full breakdown at the bottom of this post,”

Unfortunately, the number of data breaches continue to increase and a growing number of personal details are flooding the black marketplaces.

Yesterday the sportswear company Adidas announced potential data breach that affected millions of its U.S. customers while the global entertainment ticketing service Ticketmaster suffered the same problem.