Zendesk hack snares user data from Twitter, Tumblr, Pinterest
Some information for users of the social networks was captured when hackers attacked the customer support service.
At a time when it seems no company is immune from hackers, user information from three high-profile social-networking sites has been compromised due to a hack at another company.
Customer support service Zendesk revealed today that it had been the victim of a security breach and that information from three of its clients had been downloaded. As first reported by Wired, those three clients are Twitter, Pinterest, and Tumblr.
Zendesk revealed the hack in a company blog post today that said the vulnerability was immediately identified and patched:
Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.
Although Zendesk did not identity the clients by name, some users of the social-networking services began receiving warnings that they may have been affected by the breach. Wired published warnings sent by each company that identified Zendesk as the point of the leak.
One e-mail sent by Tumblr to a CNET associate said hackers may have had access to the subject lines and e-mail addresses of messages sent to Tumblr support:
The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address.Founded in 2007, the cloud-based customer service solution provider announced last month that it had signed up its 25,000th customer.
Any other information included in the subject lines of emails you've sent to Tumblr Support may be exposed. We recommend you review any correspondence you've addressed to email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, or firstname.lastname@example.org.
The hacks come just days afterrevealed that their employees' computers fell victim to unauthorized access.