Response to Typeform’s recent data breach

Cocoon responds to Typeform data breach
Cocoon Labs

On Monday 2nd July 2018, we were informed that Typeform – a company we once used to conduct a survey about Cocoon – suffered a data breach. Rest assured that this does not impact any Cocoon systems.

Our software and hardware is unaffected and we are continuing to maintain the security and integrity of our externally-validated systems. This is through ongoing, pro-active and precautionary security patches. We understand that Typeform responded immediately, fixing the source of the breach to prevent any further intrusion.

This afternoon, we are contacting those who may be affected.

What happened?

On June 27, 2018, Typeform’s engineering team discovered that an unknown third party had gained access to their server and downloaded certain information, including some data of respondents to surveys conducted by Cocoon on Typeform. They claim to have responded immediately, closing the source of entry and closely monitoring their platform. Typform reported that there is no evidence of any recurrence of the incident.

Before contacting us, Typeform performed an investigation to ensure they could minimise risk of further attacks and give clear detail of the data breach to those affected. You can read how Typeform responded to the data breach here.

Who is affected?

92 people who participated in a survey in 2015, before the launch of Cocoon, may have had the data they entered into Typeform accessed by a third party. We will be alerting those who took part in that survey directly, by email.

We have not used Typeform since 2015. As a result, just one survey about Cocoon, which we conducted in mid-2015, has been impacted by this breach.

What should you do?

No specific precautions are necessary as a response. As always, please be alert for spam or phishing emails in your inbox. If you receive an email that you’re not sure of, do not click any links or open any attachments. If you think something is spam, report it to your email provider – most will have a “report spam” button you can click. By reporting it you will help email systems to spot spammers and reduce the amount of spam that everyone receives.

For those affected, please look out for suspicious contact by email – particularly from anyone claiming to be Cocoon. If in doubt, email us on [email protected] and we can verify if an email is genuine or not. Never invite anyone to your Cocoon household unless you are sure of their identity and trust them. The Cocoon team will never ask you for a household invitation. If someone claiming to be Cocoon ever contacts you requesting access please let us know immediately.

We have no ongoing relationship with Typeform and have not used their service since 2015. We have no current plans to use Typeform and any future use would be dependent on a review of their security precautions.

As part of routine security and data measures, Cocoon has deleted remaining survey data collected through the Typeform platform.

Cocoon isn’t just about home security, it’s about helping you feel safe in your real and digital worlds. We regularly share tips on keeping your data secure on our blog and social media, but if you have any questions our team are on hand to help. You can email them on [email protected].