Zendesk Hacked, Leaving Pinterest, Tumblr And Twitter Users Exposed
Michael Harper for redOrbit.com – Your Universe Online
Given the number of cyber security breaches that have taken place this week, one has to wonder whether it isn’t perhaps all part of some elaborate plan. The latest hack attack occurred last night against help desk software maker Zendesk. Of the companies who use Zendesk’s services, Pinterest, Tumblr and Twitter have all stated that their users’ data may have been compromised as a result of the attack.
Zendesk CEO Mikkel Svane broke the news yesterday evening in a post on the company’s website succinctly titled: “We’ve been hacked.” Pinterest, Tumblr and Twitter all followed up with emails to those users who they believe may have potentially had their information compromised. Only those users who have emailed these companies for support are at risk.
“We’ve become aware that a hacker accessed our system this week,” wrote Svane in his post. The CEO also said his company is investigating the attack but does not yet have “the answer to every question.”
“As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response,” Svane continued.
Zendesk builds software that allows companies like the three mentioned to outsource their customer service. As such, Zendesk claims only those emails used to contact customer service may have been compromised. According to Wired though, these customers may have had their phone numbers revealed as well, while password, password hashes or encrypted passwords were not revealed.
In addition to email addresses, Zendesk warned that the subject lines of these emails may have also been compromised. According to Tumblr’s email to users, this means that if the blog address appeared in the subject line, the hackers may be able to associate the email address with the blog, possibly placing their account in danger.
“Any other information included in the subject lines of emails you’ve sent to Tumblr Support may be exposed,” explained Tumblr in their email to users, which was obtained by Wired.
“We recommend you review any correspondence you’ve addressed to firstname.lastname@example.org, email@example.com, firstname.lastname@example.org,email@example.com, firstname.lastname@example.org, or email@example.com.” Each of these three companies also reminded their users that they will never ask for passwords in an email. So far, none of the companies have found any compromised accounts due to the attack.
“We’re incredibly disappointed that this happened and are committed to doing everything we can to make certain it never happens again. We’ve already taken steps to improve our procedures and will continue to build even more robust security systems,” concluded Svane in the post. He has also promised to take legal action against these attackers if and when they discover them.
Given the number of attacks which have occurred this week, now may be a good time to review your security policies and even change your passwords. A good first step to a secure online lifestyle is to have multiple, strong passwords for each and every online profile that you maintain, taking extra care with those accounts in which you store your credit card information, such as Amazon, eBay or iTunes.