Typeform leaks user data due to security breach

Typeform is a survey software developer based in Barcelona, Spain’s second-largest city. Its free online questionnaire platform of the same name has a wide range of applications worldwide. Many companies and websites create surveys online to collect customer satisfaction with their products or services, and the Typeform platform provides a lot of convenience for this process.

The company recently posted a notice on its website about data breaches, saying its IT team last Friday found an unknown third party accessing the Typeform server and downloading some information. Due to this hacking incident, some users’ data may be leaked.

The company said a security breach caused the leak. After discovering this problem, they repaired it within half an hour. The attacker managed to download a backup file dated May 3 from its server containing the name, email address, and other information submitted by the user when they created the questionnaire. The company also stressed that data collected after May 3 and payment information and passwords would not be affected.

The UK-based mobile bank Monzo is one of the affected organisations. According to Monzo, hacking has affected about 20,000 people, most of whom only exposed their email addresses. However, in some cases, information such as zip codes, names of previously used banks, Twitter usernames, universities, cities, ages and salary ranges, and employers are also exposed. Monzo said that after the incident, it had ended its partnership with Typeform.

Another affected organisation is the Tasmanian Electoral Commission. The organisation pointed out that although some stolen data has been made public, the attacker may have obtained the name, address, e-mail address and date of birth submitted by the elector in the most recent election.

Organizations that notified of this event also include Thriva, Birdseye, HackUPC, and Ocean Protocol. According to information released by Typeform last year, it already had about 30,000 paying users at the time. Of course, we believe that more people choose to use free services. Companies such as Apple, Uber, Facebook, Adobe, Airbnb, WeTransfer and BBC are also said to have used its services at some point. The company’s website currently lists large customers including Trello, HubSpot, Indiegogo, Forbes and Freshdesk.

The company has now assured customers that they have identified the source of the problem and have conducted a comprehensive review of their system security and are taking “significant measures” to prevent such incidents from happening again. However, shortly after the data breach, a user named “Chris Jackson” posted a tweet saying that he found another security hole in Typeform’s system.