On Friday, June 29, at 19:25, we received a notification from Typeform that they suffered a data breach that compromised some of their data.
Because we use Typeform to send infrequent surveys to our users, we immediately took action to see if CyberGhost users’ data was impacted in any way.
No confidential information was exposed
We wanted to have the full details about the situation before making any formal announcements, so here they are.
Typeform informed us that cybercriminals managed to compromise data backups containing information about surveys that were active before May 3rd, 2018. Only two such surveys for CyberGhost users were involved in the breach.
The breach had only a minor, limited impact on CyberGhost VPN users: 120 emails addresses and 14 CyberGhost usernames were included in the two forms involved in the compromised data.
No passwords or other details were involved because we never store such confidential, sensitive information on servers pertaining to third-party service providers.
Naturally, we immediately notified the Romanian National Supervisory Authority for Personal Data Processing about this issue (because we are based in Romania).
Email security is crucial
Unfortunately, data leaks like this one are increasingly frequent because cybercriminals target databases they can later use in spam attacks, for example.
Even though no confidential information about our users was exposed, we still recommend you take additional security steps to protect your inbox if you haven’t so far.
- Delete phishing or spam emails and do NOT click on the links in the message, as they could be harmful to your device and data.
- Even if your email account was NOT compromised in this data leak (only a limited number of email addresses being exposed, but no passwords or any other type of connected information), we do recommend you monitor your account for suspicious activity.
- If you have a weak password for your email address, we suggest changing it with a stronger one.
- Also, turn on 2FA (two-factor authentication) for your email address if you have the option. It adds a strong security layer for one of your most important online accounts. You can find instructions for a comprehensive list of instructions for various email providers here.
- What’s more, avoid using your main email address for creating online accounts on websites you don’t trust.
- Never put your email address on websites that do not use HTTPS (Secure Hyper Text Transfer Protocol), as it may expose your data to snoopers of all kinds.
- And last, but not least, build your security in layers. This makes it difficult for any cybercriminal to gain unlawful access to your private information.
Our commitment to keeping your data safe and private
While this situation with Typeform is absolutely regrettable, please know we’re putting our best efforts into ensuring this never happens again.
We’d like to take a moment and remind you that, here at CyberGhost VPN, we’re still strong believers and followers of the Privacy by Design principles. It’s exactly why we don’t collect any type of data we don’t absolutely need. This allows us to be proactive, not reactive, while also staying accounted for, open and compliant.
We’re strong digital privacy militants and we’ll keep on doing our absolute best to keep you anonymous online.
Should you have any questions for us, you can talk to our support team 24/7 via live chat on the website. We’re here to answer any and all questions you may have.