The Organization uses a third party service provider, Typeform S.L. (a Barcelona-based online software as a service company), to collect marketing data. The Organization reported that it ?on June 22, 2018?, Typeform informed the Organization that ?On June 27, 2018, our engineering team discovered that an unknown third party gained access to our server and downloaded certain information, including some of the data your respondents provided via Typeform.? The Organization said that subsequently, on July 11, 2018, Typeform informed it that ?From the initial analysis from the forensic company, there are indications of compromise on one of our servers that shows continuous attempts to exploit the application layer. This appears to have allowed the attacker to retrieve an AWS API key from the server.? The Organization was advised by Typeform that ?an unidentified attacker gained access to partial database backups stored in a private AWS S3 bucket? on June 22, 2018 and on June 25, 2018. The Organization ?was advised that over 233,000 Typeform accounts were compromised??.
P2018-ND-109
File Type:
pdf
File Size:
341 KB
Categories:
2018