Help

How can I report a security breach leaking PII?

Topic Labels: Admin Community
979 3
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
basilbowman
4 - Data Explorer
4 - Data Explorer
See Solution in Thread

‎Mar 12, 2024 12:41 PM

Hi y'all - I think I've found a VERY dumb breach in Airtable that's leaking PII.  I've sent in an email and reached out via the help system, but I suspect these forums might be better monitored - could an Airtable rep please find a way to contact me for proof?

 

If I can figure out a way to share an image w/o showing how the breach is happening, I'll update this thread and do so.

0 Kudos
Reply
3 Replies 3
MaddieJ
Community Manager
Community Manager
See Solution in Thread

‎Mar 12, 2024 02:57 PM

Hey @basilbowman

Our Support team is reviewing your request and they'll reach out to you about this.

Best,
Maddie

0 Kudos
Reply
MaddieJ
Community Manager
Community Manager
In response to MaddieJ
See Solution in Thread

‎Mar 12, 2024 07:06 PM

Hey @basilbowman thanks again for reaching out about this issue. Our team added more context to this via a LinkedIn post, but I wanted to be sure and share it here for anyone following this thread on Community:

"We’ve confirmed that no information was improperly shared. When someone chooses to share a base, Airtable suggests the names and email addresses of other users they have previously collaborated with on other bases (this information is also available by visiting “Manage Access” on any base where you’re a collaborator). We acknowledge this can be surprising if someone is a collaborator on a base with a large number of people they’re unfamiliar with."

Thanks for being a part of the Community!

Reply
basilbowman
4 - Data Explorer
4 - Data Explorer
See Solution in Thread

‎Mar 12, 2024 07:34 PM

Yeah, I just figured it out - it's actually intended behavior, apparently?

I think by opening a non-official template, I actually became a collaborator on it, which then puts me on a list with everyone else that has ever opened that template...AND:

  • those people don't show up in your list of collaborators
  • they don't show up as if you had shared something with them 
  • there's no indication you've created an instance of that template - because you haven't

All that means there are no public bases to leave and nothing to show your information is accessible (or that you're giving consent to sharing your information with everyone else on the list). 

The only thing that might indicate this is a single tab select only visible a few levels back that you have then have to filter that looks for "files shared with you" - which has no indication that might be related to why you now have the name/email of ~4k other people (who presumably are in a similar boat).

What absurdly bad UX.

0 Kudos
Reply
Copyright © 2024 Khoros, LLC