Twitter, Tumblr, Pinterest User Data Lost in Customer-Service Breach
You may not have heard of Zendesk, but if you've ever requested customer service through a website, it's probably heard of you.
Zendesk, based in San Francisco, makes behind-the-scenes software that handles Web-based customer-service queries for more than 25,000 companies.
Last night (Feb. 21), the company disclosed that its computer systems had been penetrated. It turned out that customer data belonging to Zendesk clients Pinterest, Tumblr and Twitter had been stolen.
"We've been hacked," founder and chief executive officer Mikkel Svane announced in a Zendesk company blog posting yesterday evening.
It was one of trio of security failures disclosed yesterday, including the discovery of malware on the NBC website and state-sponsored hacker attack on The Aspen Institute think tank.
"Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system," Svane wrote. "We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support-email subject lines."
Svane didn't name the three affected companies, but Wired News quickly named them as Pinterest, Tumblr and Twitter, and enclosed texts of the emails each was sending affected members.
"Zendesk's breach did not result in the exposure of information such as Twitter account passwords," read Twitter's email, according to Wired. "It may, however, have included contact information you provided when submitting a support request such as an email, phone number or Twitter username."
Pinterest's and Tumblr's messages said roughly the same thing, with both reminding customers to watch out for phishing emails capitalizing on the data breach and reaffirming that neither company would ever ask customers to disclose their account passwords via email.
None of the official emails or posting from Zendesk or its clients indicated how the intruders got into Zendesk's systems, or how many individuals' email addresses had been exposed.