Data protection specialists report a data breach at customer support software company Zendesk that would have compromised information from about 10k accounts of Support and Chat services created prior to November 2016. The company is currently notifying its customers. Zendesk services are used by nearly 150k companies around the world, including Uber, Airbnb and Shopify.
According to reports, it was a third party
which notified the company about the incident that affected its products and
the accounts of customers with activity prior to the aforementioned date.
In a statement, the company said: “Our
investigation is still ongoing; however, we have already been able to confirm
that information belonging to a small portion of our customers has been
compromised during this incident.”
Zendesk states that it has so far not been
possible to determine whether all accounts created before November 2016 were
affected; as a security measure, the company decided to notify about the data
theft to all account owners.
So far, the company has been able to conclude
that the compromised details include:
Layer Security (TLS) certificates
about service settings, including integration keys and passwords used in
In addition to the notification, Zendesk
published a list of some security tips for potentially affected users.
According to data protection specialists, the list includes recommendations
login credentials for any Sendesk service or other private applications
case the user uploads a TLS certificate still in force in Zendesk before the
mentioned date, it is recommended to upload a new certificate, revoking the
This is not the first time a similar incident occurs in Zendesk. In 2013, data protection specialists from the International Institute of Cyber Security (IICS) reported a data breach in the company; on that occasion, a hacker managed to infiltrate several Zendesk systems to access user data without authentication or authorization.