Customer support service Zendesk revealed on Thursday that it had been hacked and three of its clients were affected. Twitter, Tumblr and Pinterest appear to be the three, as they have have all contacted users to warn that they may have been affected by the breach.
Zendesk noted in a blog post that a hacker had managed to gain access to support information. The company has since patched the vulnerability, but it suspects that the intruder downloaded email addresses and subject lines of users seeking support from three of its customers.
Twitter’s official @Support account subsequently tweeted that the company was “emailing a small percentage of Twitter users who may have been affected by Zendesk’s breach,” adding that no passwords had been involved.
A Tumblr spokesperson has provided to The Next Web a notice sent to users informing them that emails sent to Tumblr support addresses may have been compromised.
We’re working with law enforcement and Zendesk to better understand this attack. Please monitor your email and Tumblr accounts for “suspicious behavior, and notify us immediately if you have any concerns,” the company wrote in its email.
Wired notes that Pinterest has also sent emails to its users.
“Unfortunately your name, email address and subject line of your message were improperly accessed during [Zendesk's] security breach,” Pinterest wrote.
February has been a sad month for cybersecurity. Apple, Facebook and Twitter have all faced embarrassing intrusions recently. Meanwhile, numerous companies, including the New York Times and Wall Street Journal, have come forward to reveal that they have been the victims of hacking attempts believed to originate from hackers connected to the Chinese military.
Recent incidents have caused the US government to take action to help corporations improve their security while also introducing stricter penalties against cybercrimes.
“I am pleased to report we are fighting back more aggressively and collaboratively than ever before,” Attorney Gen. Eric Holder said during a White House event earlier this week.
Tumblr’s full email:
Important information regarding your security and privacy
For the last 2.5 years, we’ve used a popular service called Zendesk to store, organize, and answer emails to Tumblr Support. We’ve learned that a security breach at Zendesk has affected Tumblr and two other companies. We are sending this notification to all email addresses that we believe may have been affected by this breach.
This has potentially exposed records of subject lines and, in some cases, email addresses of messages sent to Tumblr Support. While much of this information is innocuous, please take some time today to consider the following:
The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address.
Any other information included in the subject lines of emails you’ve sent to Tumblr Support may be exposed. We recommend you review any correspondence you’ve addressed to email@example.com, firstname.lastname@example.org, email@example.com,firstname.lastname@example.org, email@example.com, firstname.lastname@example.org.
Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive.
Your safety is our highest priority. We’re working with law enforcement and Zendesk to better understand this attack. Please monitor your email and Tumblr accounts for suspicious behavior, and notify us immediately if you have any concerns.
Here’s the email Pinterest sent to “the small percentage” of users that may have been affected:
An important notice about security on Pinterest
We recently learned that the vendor we use to answer support requests and other emails (Zendesk) experienced a security breach.
We’re sending you this email because we received or answered a message from you using Zendesk. Unfortunately your name, email address and subject line of your message were improperly accessed during their security breach. To help keep your account secure, please:
Don’t share your password. We will never send you an email asking for your password. If you get an email like this, please let us know right away.
Beware of suspicious emails. If you get any emails that look like they’re from Pinterest but don’t feel right, please let us know—especially if they include details about your support request.
Use a strong Pinterest password. Hackers can sometimes guess very short passwords with no letters or symbols. If your password is weak, you can <create a new one><hyperlink to /reset>.
We’re really sorry this happened, and we’ll keep working with law enforcement and our vendors to ensure your information is protected.
Image credit: Thinkstock