Fellow Pipedreamers,
On Sunday April 2nd, we discovered an issue with our login screen that exposed the email addresses of a small subset of our users. We have completed our investigation and are sharing the results here.
On February 21st, we made a code change that made it possible for the email address of a user who accepted a workspace invitation to be briefly shown to subsequent users logging in to pipedream.com. Because exposure depended on timing, the issue evaded our normal testing and remained undiscovered until reported by a user on April 2nd. We fixed the error shortly after it was discovered.
Any user who accepted a workspace invitation between February 21st and April 2nd could have had their email address exposed to other users for a brief period of time. The only information exposed was the invitee’s email address. No passwords, security tokens or other private information were exposed. Access to user accounts was never compromised and we have found no evidence that exposed emails were collected or used for any malicious purpose. You don’t need to do anything to maintain the security of your account.
We never like to have security incidents, but are committed to communicating issues quickly and transparently. Thank you for your understanding and feedback. If you have any questions about this incident or the status of your account, please contact support@pipedream.com