Security Notification Regarding Third-Party Integration



Recently, we have been made aware of a security incident involving a third-party integration with our support ticketing system. We take the privacy and protection of your data seriously, and want to be transparent about what occurred, what we’ve done in response, and what actions (if any) you should take. 

What Happened:

On 27 August, we were notified by our support ticketing platform vendor that one of their integrations — provided by a third-party vendor, Drift — had experienced unauthorized access due to a compromised API key. This API key allowed limited access to our support ticket instance. The potential window of unauthorized access was between 13 and 18 August.

What We Did:

  1. Upon notification, we worked immediately with our support ticketing vendor to:
     - Invalidate the compromised API key
     - Remove the Drift integration from our environment
     - Confirm the security of our support system instance
  2. We initiated our own internal investigation to assess the scope of the incident and to determine if any of our customer data had been accessed.

By 3 September, we confirmed that unauthorized access had occurred using the Drift integration. The available permissions could have allowed limited viewing of certain ticket metadata, such as email addresses.

What Data May Have Been Affected:

At this time, our investigation indicates that:

  1. A small subset of user email addresses may have been accessed
  2. No passwords, authentication credentials, payment information, or sensitive personal data were exposed
  3. There is no evidence of malicious activity within our own systems

We are continuing to monitor for any signs of misuse.

Regulatory & Customer Notification:

We are notifying:

  1. Relevant regulatory bodies, where required
  2. Affected users directly, along with this notice

Actions We Recommend:

While the risk to your data appears to be limited, we recommend:

  1. Staying alert for unusual or unsolicited emails
  2. Being cautious of unexpected requests referencing support tickets or password changes
  3. Not sharing credentials with anyone claiming to be from our support team; we will never ask for your password

If you have previously shared sensitive information (such as credentials or API keys) in any support tickets, we recommend rotating those credentials as a precaution.

Need Help or Have Questions?

If you have any questions or concerns, please contact our support team directly at https://help.searchspring.net/ 

Our Commitment

We are committed to protecting your data and maintaining the security and trust you place in us. We are actively reviewing our vendor integration practices and enhancing controls to prevent similar issues in the future.

Thank you for your understanding.
