Tumblr, Twitter and Pinterest users warned after Zendesk support site hack

Filed Under: Phishing, Social networks, Twitter, Vulnerability

ZendeskUnless you work in the customer support business, it's possible you haven't even heard of Zendesk.. but chances are that you are familiar with some of the companies who use Zendesk's customer service portal to answer questions and build an online support community.

Big names that use Zendesk include Tumblr, Twitter and Pinterest.

And - unfortunately - hackers broke into Zendesk's systems this week and accessed the email addresses of Tumblr, Twitter and Pinterest customers who had attempted to get support.

Zendesk has published more details on its blog, under the refreshingly frank title of "We've been hacked":

Announcement from Zendesk

We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

Twitter has contacted affected users, and reassured them that passwords were not compromised as part of the Zendesk customer breach:

For its part, Tumblr has sent out emails to its affected users, as you can see in the following example shared by a Naked Security reader:

Security advisory sent out by Tumblr

You can't imagine that Tumblr, Twitter or Pinterest are delighted to find themselves in a position to send such emails to customers. Even though they weren't to blame, their customers are impacted by Zendesk's security breach.

Even though passwords were not taken as part of this hack (Zendesk wouldn't have had access to those - which is a relief), this is still a serious security incident which could have unpleasant ramifications.

For instance, the hackers who have stolen the email addresses could now craft malicious emails to the email addresses of Twitter, Pinterest and Tumblr users and try to trick them into clicking on dangerous links or attachments.

My advice if you are one of the unfortunate people impacted by the Zendesk breach is to - as always - be very careful about emails you receive, and be cautious about opening unsolicited email attachments or clicking on embedded links.

, , , ,

You might like

2 Responses to Tumblr, Twitter and Pinterest users warned after Zendesk support site hack

  1. Polly · 516 days ago

    "Even though they weren't to blame"

    I don't accept that. The end user had zero choice in the matter and, indeed, probably didn't even know the risk had been extended. To that extent, at the very least, Tumblr et al are culpable and attempts to absolve them from all blame are misguided. Actions, in this case by Tumblr et al, have consequences and, in this case, foreseeable in general terms if not the specifics

  2. Glen · 516 days ago

    To confirm your article, I have received a notification from" Pinterest" about the hacking. Thanks for the heads-up.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.