Zendesk Attacked by Hacker, E-mail Addresses Compromised
I wonder how many customers put in a help ticket to Zendesk after learning of its data breach that occurred on Thursday.
According to the company, an unknown hacker gained access to the help desk company's database and made off with submitted customer information.
"We've become aware that a hacker accessed our system this week," said Zendesk's CEO Mikkel Svane, in a blog post. "As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines."
Svane also said that those that were affected were notified of the situation, and told customers that no passwords were taken.
Zendesk provides customer service tools and internal help desk services for more than 25,000 companies, including Kickstarter, Disney, Sony Music, Twitter and Pinterest.
While Zendesk did not provide information on who was affected, an unnamed source told Wired that Twitter, Pinterest and Tumblr customers were the target. Also, the hacker might have gotten ahold of customer phone numbers (if submitted by the customer when using the Zendesk services).
Once Tumblr learned of the attack, it sent an e-mail to all customers acknowledging the situation: "For the last 2.5 years, we've used a popular service called Zendesk to store, organize, and answer emails to Tumblr Support. We've learned that a security breach at Zendesk has affected Tumblr and two other companies. We are sending this notification to all email addresses that we believe may have been affected by this breach."
The e-mail also suggested that users change their passwords as soon as possible and to be on the lookout for any suspicious e-mails that appear to come from Tumblr. Both Twitter and Pinterest sent similar e-mails to its customers.
Due to the ongoing nature of the investigation Zendesk has yet to comment on the identity of the hacker.