Skip to main content

Is there a reason why you don't need to verify your email address to access Airtable? I was shocked to discover this isn't a requirement. 

I have an interface set up so that only the current user can view sets of information, but I found that it's possible for someone to create an Airtable account with someone else's email and view the information associated with that email address. Email verification is not required to access the interface and see data that should only be seen by the actual user. 

Are there plans to address this? Is anyone using a workaround to make this more secure? Is it related to being on the Team plan?

Yeah, that seems like a pretty big security hole. I would report that to support@airtable.com. 

Yeah, that seems like a pretty big security hole. I would report that to support@airtable.com. 


Thanks! I'll do that. I'm getting pushback from my company about using Airtable because of this security issue. I was also surprised at the lack of posts about it. 

UPDATE: Customer Support did respond, and I did some new testing. As far as I can tell now, any shared bases or interfaces cannot be accessed until after email verification. So while email verification is not required to start using Airtable, shared data cannot be accessed until after the email address is verified.

Ah, that's great to know!

Reply


Terms & Conditions