Describe the problem/error/question
Hey everyone! Over this past week (not sure which day), our entire n8n account got wiped. We are on a paid subscription, and there 4 users in total - 1 owner, 3 members. Our three members’ accounts were deleted as well. We are assuming this was some sort of a data breach, but we have no way of knowing for sure since there’s no recycle bin option, no “deleted by” or other such audition as far as I know. Furthermore, ideally, we would also like to know who did it if it was indeed a data breach - a way to access the IP Address or “Last logged in at” or the devices/locations the accounts are being used in would be really helpful.
Again, a lot of this info is not accessible through the UI. Can someone from the n8n team or community please advise how to go about auditing and/or reverse engineering this? Thankfully, we had downloaded some workflows across different days for various reasons, but we have still lost a big chunk of our data, especially the executions data.
I would be grateful for any help in this issue, thank you. Again, this issue was observed today i.e., 09/08/2025, whereas everything seemed to be in order until 09/05/2025.
Information on your n8n setup
- n8n version: 1.109.1
- Running n8n via (Docker, npm, n8n cloud, desktop app): n8n cloud
- Operating system: Windows