Zendesk security breach affects Twitter, Tumblr, and Pinterest users

A breach at Zendesk resulted in hackers obtaining support information sent to a trio of social networks.

Customer service turned into customer disservice on Thursday, when a security breach at Zendesk spilled over to affect Twitter, Tumblr, and Pinterest users.

Zendesk, which supplies customer service software for the three companies, said on its blog that hackers downloaded the email addresses of users who contacted the three social networks for support help, along with the subject lines of said support emails. The company claims that no other critical data has been accessed.

Zendesk discovered the breach earlier this week, then patched the vulnerability and closed off the hacker's access in short order. The company has more than 25,000 clients, but it said no other Zendesk customers were affected by the breach, which was apparently highly targeted.

Twitter's official support account noted that it emailed a small percentage of users who may have been affected by Zendesk's breach, and that no passwords were involved in the hack. In the email itself--which Reuters deputy social media editor Matthew Keys appropriately posted in a Twitpic--Twitter added it does not believe people need to take any action at this time, though the company also warned that any contact info included in support emails may have been compromised.

In another email to users affected by the breach, Tumblr said much of the information obtained by the hackers is "innocuous", but urged users to be suspicious of unexpected emails asking for their password. Pinterest also advised its users to use a strong password or change it if they have a weak key phrase.

Even though passwords were not hacked as part of this breach, Graham Cluley, a senior technology consultant at security firm Sophos, explained in a blog post this could have unpleasant ramifications: "For instance, the hackers who have stolen the email addresses could now craft malicious emails to the email addresses of Twitter, Pinterest and Tumblr users and try to trick them into clicking on dangerous links or attachments."

For users who received a notification emails from one of the three social networks, Cluley's advice is to "be very careful about emails you receive, and be cautious about opening unsolicited email attachments or clicking on embedded links."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags hackerssocial networkstwitterReutersZendeskTumblrPinterestTwitpic

More about Reuters AustraliaSophosZendesk

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Daniel Ionescu

Latest Videos

More videos

Blog Posts