Security Update regarding Axios supply chain compromise


At Contentsquare (into which Heap and Hotjar have recently been incorporated), the security, confidentiality and availability of your data are of utmost importance to us. We have invested heavily in our security program, which is based on a Defense in Depth model. Our cybersecurity program aligns with the NIST Cybersecurity Framework, and our policies, procedures and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 framework. Contentsquare is ISO 27001, ISO 27017, ISO 27018 and ISO 27701 certified and holds a SOC 2 Type II report.

Contentsquare’s security program is managed by our chief information security officer (CISO). The CISO is supported by a cybersecurity team that leads and manages DevSecOps, product security, security governance, third-party risk assurance and information technology risk.



Dear Customers,

Following recent supply chain attack reports regarding specific compromised Axios releases, our security team performed a comprehensive audit of our development and build environments.

We are writing to confirm that Contentsquare services and customer data remain secure.

We are also writing to confirm the following:

  • Proactive Mitigation: Upon identification of the affected package versions, we immediately invoked our incident response protocol. As a standard proactive security best practice, we completed a comprehensive rotation of internal credentials and environment secrets to ensure the continued integrity of our systems.

  • No Impact on Customer Data: Our investigation confirms that no customer data was accessed or impacted. The scope was limited to internal build processes, which have since been cleared.

  • Supply Chain Resilience: To further harden our environment, we have formalized new security policies requiring stricter version-pinning and a minimum release age requirement for all third-party dependencies. We are currently implementing these architectural controls to further minimize exposure to future supply chain risks.
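The two controls above (exact version pinning and a minimum release age) can be enforced as a check in CI before installation. The following is an added example, not Contentsquare's own tooling; the package names, publish dates and the 7-day threshold are constructed for illustration, and the registry metadata mimics the shape of the npm registry's per-version `time` field.

```javascript
// Added example: flag dependencies that are not pinned to an exact version
// and pinned versions that were published too recently to trust.
const MIN_RELEASE_AGE_DAYS = 7; // assumed policy threshold, not from the advisory

// Constructed sample shaped like the npm registry "time" field (version -> publish date).
const REGISTRY_TIME = {
  'example-pkg': { '2.0.0': '2025-02-27T00:00:00.000Z', '1.9.0': '2025-01-15T00:00:00.000Z' },
  'third-pkg':   { '1.0.1': '2025-01-01T00:00:00.000Z' },
};

// Constructed dependency map as it would appear in a package.json.
const SAMPLE_DEPS = {
  'example-pkg': '2.0.0',   // pinned, but only 2 days old at NOW
  'other-pkg':   '^1.4.0',  // range specifier, not an exact pin
  'third-pkg':   '1.0.1',   // pinned and old enough
};
const NOW = new Date('2025-03-01T00:00:00.000Z'); // fixed clock so results are reproducible

// Exact pin: a bare semver such as 1.2.3 or 1.2.3-beta.1 (no ^, ~, ranges, tags or URLs).
const EXACT_PIN = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;
function isExactPin(spec) {
  return EXACT_PIN.test(spec);
}

// Whole days elapsed between the publish timestamp and `now`.
function releaseAgeDays(publishedIso, now) {
  return Math.floor((now.getTime() - new Date(publishedIso).getTime()) / 86_400_000);
}

// Returns one finding per policy violation: not-pinned, unknown-version or too-new.
function auditDependencies(deps, registryTime, now, minAgeDays = MIN_RELEASE_AGE_DAYS) {
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    if (!isExactPin(spec)) {
      findings.push({ name, spec, rule: 'not-pinned' });
      continue; // no concrete version, so age cannot be evaluated
    }
    const published = registryTime[name]?.[spec];
    if (!published) {
      findings.push({ name, spec, rule: 'unknown-version' });
      continue;
    }
    const ageDays = releaseAgeDays(published, now);
    if (ageDays < minAgeDays) findings.push({ name, spec, rule: 'too-new', ageDays });
  }
  return findings;
}

function runAudit() {
  return auditDependencies(SAMPLE_DEPS, REGISTRY_TIME, NOW);
}
```

In a real pipeline the registry data would come from `npm view <pkg> time --json` and a non-empty findings list would fail the build.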

We remain committed to transparency and the highest standards of data protection. If you have any questions, please contact us at security@contentsquare(.)com.

Sincerely,
The Contentsquare Security Team
