| Last updated September 5, 2019 What happened? Between August 26 and August 31, 2019 an unauthorized party compromised a Segment employee’s Segment web application account without their knowledge, logging in with their email and password. This account had privileged access. Using the employee’s account, the unauthorized party acquired two months of recent data relating to how Segment customers use the Segment product. This includes information about how Segment users interact with our application and associated account information (email address, first and last name, IP address for each session, and Segment write keys). No Segment customer passwords were compromised. This data is used by our product, marketing, and customer success teams to provide ongoing support for our customers. When did Segment discover the issue? What did Segment do when it discovered the issue? We learned about the incident on August 31. Upon detection, we took immediate action, disabling and deleting the account that was compromised. We then began a full investigation to understand and assess the impact of the incident. What information was involved? Over the course of our investigation, we learned that the unauthorized party acquired two months of recent data relating to how our customers use their Segment workspaces. This includes: Information about how Segment customers interact with different aspects of our product, including customer write keys for Segment (which are considered public), integration names, workspace names, and how customers interact with our user interface.
Information related to Segment customer accounts including first name, last name, email address and IP address while using the Segment web application. No Segment customer passwords were compromised.
For a small subset of customers (13), the unauthorized party was able to gain read-only access to their workspaces and click around in their accounts for up to a few minutes. These customers have been notified.
What is Segment doing to ensure this doesn’t happen again? We have taken immediate action and are continuing to investigate and assess the impact of this incident. Upon discovery, we: Enforced mandatory Multi-Factor Authentication (MFA) for all employees when accessing Segment-owned workspaces and performing administrative actions in the Segment app.
Reset all employee sessions and passwords as a precautionary measure.
Notified relevant law enforcement authorities.
Removed privileged access controls internally, adding accounts on an as-needed basis.
Began an audit of internal access controls to mitigate the risk of an event like this happening in the future.
What should I do about this incident? Unless you have been specifically instructed differently by Segment, there is no direct action required. However, this is a good reminder to make sure that your Segment password is a unique, strong password. We’d also recommend you activate Multi-Factor Authentication (MFA). This blog post covers strong passwords and activating MFA. We apologize for any inconveniences this incident may cause. If you have any further questions or concerns, please do not hesitate to reach out to us at support@segment.com. |