Incidents

Data breach in Zendesk; over 10k companies affected. Find out if your company’s data was exposed

Data protection specialists report a data breach at customer support software company Zendesk that would have compromised information from about 10k accounts of Support and Chat services created prior to November 2016. The company is currently notifying its customers. Zendesk services are used by nearly 150k companies around the world, including Uber, Airbnb and Shopify.

According to reports, it was a third party
which notified the company about the incident that affected its products and
the accounts of customers with activity prior to the aforementioned date.

In a statement, the company said: “Our
investigation is still ongoing; however, we have already been able to confirm
that information belonging to a small portion of our customers has been
compromised during this incident.”

Zendesk states that it has so far not been
possible to determine whether all accounts created before November 2016 were
affected; as a security measure, the company decided to notify about the data
theft to all account owners.

So far, the company has been able to conclude
that the compromised details include:

  • Usernames
    and hashed
    passwords
  • Transport
    Layer Security (TLS) certificates
  • Details
    about service settings, including integration keys and passwords used in
    Zendesk apps

In addition to the notification, Zendesk
published a list of some security tips for potentially affected users.
According to data protection specialists, the list includes recommendations
such as:

  • Reset
    login credentials for any Sendesk service or other private applications
  • In
    case the user uploads a TLS certificate still in force in Zendesk before the
    mentioned date, it is recommended to upload a new certificate, revoking the
    previous one

This is not the first time a similar incident occurs in Zendesk. In 2013, data protection specialists from the International Institute of Cyber Security (IICS) reported a data breach in the company; on that occasion, a hacker managed to infiltrate several Zendesk systems to access user data without authentication or authorization.

To Top

Pin It on Pinterest

Share This