Segment had a security incident. Here's what you need to know.
Last updated September 2, 2020
Between August 26 and August 31, 2019 an unauthorized party compromised a Segment employee’s Segment web application account without their knowledge, logging in with their email and password. This account had privileged access.
Using the employee’s account during this August 26 - August 31 time period, the unauthorized party acquired data relating to how Segment's own customers use the Segment product. This includes information about how Segment's own users interact with our application and associated Segment account information (email address, first and last name, IP address for each session, and Segment write keys). No Segment customer passwords were compromised.
This data is used by our product, marketing, and customer success teams to provide ongoing support for our customers.
When did Segment discover the issue? What did Segment do when it discovered the issue?
We learned about the incident on August 31. Upon detection, we took immediate action, disabling and deleting the account that was compromised. We then began a full investigation to understand and assess the impact of the incident.
What information was involved?
Over the course of our investigation, we learned that during the August 26 - August 31 time period, the unauthorized party acquired data relating to how our customers use their Segment workspaces. This includes:
Was my customer information exposed?
The unauthorized party acquired two months of historical data relating to how Segment’s own customers use their own Segment workspaces. This did not include any information about your customers. Most Segment customers that were impacted received a general security notice regarding this aspect of the incident.
For a small subset of Segment customers (13) who were notified on September 5th, the unauthorized party gained read-only access to their workspaces for up to a few minutes. These customers have been notified in a separate, explicit communication if this occurred.
What is Segment doing to ensure this doesn’t happen again?
We have taken immediate action and are continuing to investigate and assess the impact of this incident. Upon discovery, we:
What should I do about this incident?
Unless you have been specifically instructed differently by Segment, there is no direct action required. However, this is a good opportunity to make sure that your Segment password is a unique, strong password. We’d also recommend you activate Multi-Factor Authentication (MFA). This blog post covers strong passwords and activating MFA.
We apologize for any inconveniences this incident may cause. If you have any further questions or concerns, please do not hesitate to reach out to us at firstname.lastname@example.org.