Zendesk security breach affects Twitter, Tumblr, and Pinterest users

A breach at Zendesk resulted in hackers obtaining support information sent to a trio of social networks.

Customer service turned into customer disservice on Thursday, when a security breach at Zendesk spilled over to affect Twitter, Tumblr, and Pinterest users.

Zendesk, which supplies customer service software for the three companies, said on its blog that hackers downloaded the email addresses of users who contacted the three social networks for support help, along with the subject lines of said support emails. The company claims that no other critical data has been accessed.

Zendesk discovered the breach earlier this week, then patched the vulnerability and closed off the hacker's access in short order. The company has more than 25,000 clients, but it said no other Zendesk customers were affected by the breach, which was apparently highly targeted.

Twitter's official support account noted that it emailed a small percentage of users who may have been affected by Zendesk's breach, and that no passwords were involved in the hack. In the email itself--which Reuters deputy social media editor Matthew Keys appropriately posted in a Twitpic--Twitter added it does not believe people need to take any action at this time, though the company also warned that any contact info included in support emails may have been compromised.

In another email to users affected by the breach, Tumblr said much of the information obtained by the hackers is "innocuous", but urged users to be suspicious of unexpected emails asking for their password. Pinterest also advised its users to use a strong password or change it if they have a weak key phrase.

Even though passwords were not hacked as part of this breach, Graham Cluley, a senior technology consultant at security firm Sophos, explained in a blog post that this could have unpleasant ramifications: "For instance, the hackers who have stolen the email addresses could now craft malicious emails to the email addresses of Twitter, Pinterest and Tumblr users and try to trick them into clicking on dangerous links or attachments."

For users who received a notification email from one of the three social networks, Cluley's advice is to "be very careful about emails you receive, and be cautious about opening unsolicited email attachments or clicking on embedded links."

Tags: hackers, Reuters, security, Zendesk, Tumblr, twitter, Twitpic, social networks, Pinterest
