At Privy, we take the security of our customers and their data very seriously, and we aim for the highest level of transparency to demonstrate we are worthy of their trust. On September 30, 2020 Privy was notified of a security incident at one of our vendors. We have concluded a review and determined that no unauthorized access has occurred on Privy's systems. No action is required by customers at this time.
The vendor, a developer tools provider, discovered an unauthorized third party accessed a failover database that may have included an API key that grants access to Privy systems. A summary of our actions in response:
- Required all employees to change their login credentials for the affected vendor.
- Reviewed security logs for unauthorized access. None was found.
- Strictly as a precaution, rotated passwords and secrets.
- Privy finished a migration off of the vendor on October 27, 2020.
Thank you for using Privy.