10/23/2018 - Apollo.io Incident

Segment was impacted by Apollo.io’s recent security incident. Here’s what you need to know.

What happened?

  • In July, sales productivity services provider Apollo.io suffered a security incident.

  • In the past, Segment used Apollo.io, formerly known as ZenProspect, as a vendor service. As a result, some of our contact information from our SaaS CRM system, which was connected to Apollo.io, was affected by Apollo’s security incident.

  • When news of the Apollo.io situation broke earlier this month, Segment was made aware and immediately started a thorough investigation into the extent to which our CRM data may have been affected.

What information was involved?

  • Our investigation has found that only data from our CRM tool was involved in this incident. We can confirm that some business-card-like information about our business customers and prospects was included in this incident, such as name, business email address, company name, business phone number, and sometimes job title or location (e.g. city, state).

  • Neither Segment's products, nor the data that our customers pass through Segment's products, were ever connected to Apollo.io or affected by the Apollo.io incident. Segment's SaaS CRM, which we use to manage Segment's relationships with business prospects and customers, is a system that is unrelated to and operates separately from the Segment products and applications that our customers sign up for, purchase, and use.

What is Segment doing about this?

  • We discontinued use of Apollo.io’s services.

  • We are continuing our investigation and assessment of the impact of this incident.

  • We have built a new security bulletin page where we’ll post updates about the Apollo.io incident and future security-related developments that may be of interest to our customers.

What can you do to improve your general privacy and security and minimize risk?

  • Monitor your email address(es) for potential exposures in the Apollo.io incident and other reported incidents using haveibeenpwned.com.

  • Be vigilant about potential social engineering attacks like phishing or impersonation of company executives. Always check that email addresses match with your previous conversations, verify the domains you are visiting, and be wary of urgent calls to action in emails or text messages.

We apologize for any inconvenience this incident may cause. If you have any further questions or concerns, please do not hesitate to reach out to us at privacy@segment.com.