Transmitting Credentials in Plain Text!

In this post, I’m going to present my review of Pabbly Connect.

This review also helps you get an idea about their other products, like Pabbly Email Marketing and Pabbly Subscriptions.

Pabbly Connect homepage

Pabbly Connect is one of the most hyped-up Zapier alternatives on the market, well known for its green, inverted-Beats-Audio logo.

It is from the same team behind products like Pabbly Email Marketing and Pabbly Subscriptions.

They are popular for running lifetime deals in their group, which goes by “Pabbly LTD deals”.

If you are not familiar with what Pabbly Connect does, it helps you integrate various apps and automate your workflows.

I came across this tool in their group and also by seeing their affiliates promoting it big time, trolling other competing products.

So I decided to give it a try.

I almost started to move my entire automation workflows out of Zapier and Integromat to Pabbly Connect.

Glad I did not migrate entirely, and that I pulled the plug to change all my credentials.


Keep reading.

My review on Pabbly Connect

Big security issues

Pabbly has been accused of poor security measures. Early in 2020, they saw a big breach of user data – 51.2 million records were leaked online.

Pabbly data breach

As per the discovery made by Jeremiah Fowler, here are his conclusions:

Pabbly data breach report

Wait, what?

Database of the user data publicly available? Internal logs available on the free internet?

Pabbly data breach info

In spite of this, they seem neither to have thanked the bug spotter nor to have informed the users about the breach as part of their SOP.

If you search online, there are dozens of reports on the same.

According to many sources, they seem not even to have fixed the issues.

Pabbly bugs

As of writing this post, there still seems to be an issue.

The problems with their integrations

They have integrations with 250+ apps as of writing this review. But the integrations are very shallow and put forward in a hurry to inflate the number to boost their lifetime deal sales.

Pabbly Connect integrations

They even advertise apps like Notion, which isn’t even integrable, and they don’t have an integration with it as there is no API (as of publishing this post).

Added to this, to give users a sense of security, they falsely posted that they’ve partnered up with 250+ apps for secure transmission of data.

Pabbly secure partners

The above “learn more” link goes to their own privacy policy page, not the partner page published on ConvertKit or other products.

Pabbly Connect vulnerabilities

Pabbly Connect helps you connect all your apps and lets them communicate with each other. So, data security is critical.

Pabbly Connect is their new product, but they seem to be committing the same mistakes.

Pabbly credentials

They seem to be transmitting important credentials in plain text.

Pabbly credentials storage

Along with this, they also have XSS vulnerabilities, as you saw in one of the above screenshots.

Pabbly XSS vulnerability

It has even been demonstrated in the community that they have an XSS vulnerability.

How did they deal with the issues?

The co-founders, Neeraj Agarwal and Pankaj Agarwal, deal with all the support issues on Facebook.

Neeraj Agarwal

Pankaj Agarwal

When this news started to surface all over the community, they rolled out an update.

Pabbly founders

FYI, Neeraj is one of the co-founders of Pabbly.

They said the update rolled out in 15 minutes.

Later, it came to light that it was just a frontend update. They hid the fact that they are transmitting credentials in plain text.

Later, I posted my concern about this in the group; it was deleted.

Pabbly community

Later, as I started to share this with the rest of the community, they evaded the questions.

Pabbly founders

They evaded the questions even after repeated queries.

Pabbly support

The co-founders and their affiliates started to attack me personally too.


In spite of a lot of pressure from the users to inform the customers about the breaches, they didn’t email their customers.

They just repeated what they did with the Pabbly Email Marketing breach in early 2020 – with the very same vulnerabilities.

They seem to have gotten away with it, as they are from a place without strict data regulations, unlike the EU or US.

But especially if you are serving clients there with their agency plans, beware!


Apps like Zapier need to take the privacy of their users’ data seriously.

Because these automation apps potentially have all the data and credentials of your entire online business.

Especially with these kinds of apps, if you are dealing with high-stakes client-related data as an agency, you’ll end up in a lot of trouble.

Having bugs and unintentional breaches is completely acceptable as long as they are communicated properly to the customers – so that you can stay transparent with your clients.

It’s just my honest review about Pabbly Connect. If you find any misleading information here, you can contact us.
