14 DAY TRIAL // A few hours ago, Zendesk – the popular customer support service – admitted that its systems had been hacked earlier this week. The company reported that three of their customers were affected by the breach.
“As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system,” Zendesk’s Mikkel Svane explained.
Svane added, “We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.”
The company reveals that it’s working with authorities on “bringing anyone involved to justice.”
While Zendesk hasn’t named the three customers affected by the hack, Wired has learned that they are Twitter, Tumblr and Pinterest.
Softpedia has received the notification sent by Tumblr to the affected users.
“For the last 2.5 years, we've used a popular service called Zendesk to store, organize, and answer emails to Tumblr Support. We've learned that a security breach at Zendesk has affected Tumblr and two other companies. We are sending this notification to all email addresses that we believe may have been affected by this breach,” the notification reads.
Twitter, Tumblr and Pinterest all confirm that no passwords have been compromised. However, users are warned that the exposed subject lines might include other information such as blog name (in the case of Tumblr), or contact information.
Users are also advised to beware of phishing emails since cybercriminals might leverage the incident in an attempt to trick unsuspecting internauts into handing over their passwords. It’s important to remember that legitimate emails from the affected companies will never request passwords or other sensitive information.
The Zendesk hack comes shortly after other major companies, including Apple, Facebook and Twitter, reported being breached.