Zendesk hack snares user data from Twitter, Tumblr, Pinterest

Some information for users of the social networks was captured when hackers attacked the customer support service.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

At a time when it seems no company is immune from hackers, user information from three high-profile social-networking sites has been compromised due to a hack at another company.

Customer support service Zendesk revealed today that it had been the victim of a security breach and that information from three of its clients had been downloaded. As first reported by Wired, those three clients are Twitter, Pinterest, and Tumblr.

Zendesk revealed the hack in a company blog post today that said the vulnerability was immediately identified and patched:

Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

Although Zendesk did not identity the clients by name, some users of the social-networking services began receiving warnings that they may have been affected by the breach. Wired published warnings sent by each company that identified Zendesk as the point of the leak.

One e-mail sent by Tumblr to a CNET associate said hackers may have had access to the subject lines and e-mail addresses of messages sent to Tumblr support:

The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address.
Any other information included in the subject lines of emails you've sent to Tumblr Support may be exposed. We recommend you review any correspondence you've addressed to support@tumblr.com, abuse@tumblr.com, dmca@tumblr.com, legal@tumblr.com, enquiries@tumblr.com, or lawenforcement@tumblr.com.

Founded in 2007, the cloud-based customer service solution provider announced last month that it had signed up its 25,000th customer.

The hacks come just days after Apple and Facebook revealed that their employees' computers fell victim to unauthorized access.