Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

Zendesk hack endangers Tumblr, Twitter and Pinterest users

Posted on 22 February 2013.

Popular customer service software provider Zendesk has announced that they have been hacked.

"We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had," Zendesk CEO Mikkel Svane wrote on the company blog.

"Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response."

He also noted no other customers (or their users) have been affected by the breach, but didn't name the three affected customers.

But Wired's Mat Honan has managed to unearth that these three are Twitter, Tumblr and Pinterest, as they have already emailed their own potentially affected customers to warn them about possible repercussions.

They all pointed out that no passwords were compromised, but that the attackers have managed to collect contact information such email address, name, phone number, or username, and may use it to mount targeted phishing attacks aimed at stealing users' passwords, and ultimately at hijacking their accounts.