Zendesk Attacked by Hacker, E-mail Addresses Compromised -- Redmondmag.com

Zendesk Attacked by Hacker, E-mail Addresses Compromised

By Chris Paoli
02/22/2013

I wonder how many customers put in a help ticket to Zendesk after learning of its data breach that occurred on Thursday.

According to the company, an unknown hacker gained access to the help desk company's database and made off with submitted customer information.

"We've become aware that a hacker accessed our system this week," said Zendesk's CEO Mikkel Svane, in a blog post. "As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines."

Svane also said that those that were affected were notified of the situation, and told customers that no passwords were taken.

Zendesk provides customer service tools and internal help desk services for more than 25,000 companies, including Kickstarter, Disney, Sony Music, Twitter and Pinterest.

While Zendesk did not provide information on who was affected, an unnamed source told Wired that Twitter, Pinterest and Tumblr customers were the target. Also, the hacker might have gotten ahold of customer phone numbers (if submitted by the customer when using the Zendesk services).

Once Tumblr learned of the attack, it sent an e-mail to all customers acknowledging the situation: "For the last 2.5 years, we've used a popular service called Zendesk to store, organize, and answer emails to Tumblr Support. We've learned that a security breach at Zendesk has affected Tumblr and two other companies. We are sending this notification to all email addresses that we believe may have been affected by this breach."

The e-mail also suggested that users change their passwords as soon as possible and to be on the lookout for any suspicious e-mails that appear to come from Tumblr. Both Twitter and Pinterest sent similar e-mails to its customers.

Due to the ongoing nature of the investigation Zendesk has yet to comment on the identity of the hacker.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.