We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,639 News Articles

Zendesk security breach affects Twitter, Tumblr, and Pinterest users

A breach at Zendesk resulted in hackers obtaining support information sent to a trio of social networks.

Customer service turned into customer disservice on Thursday, when a security breach at Zendesk spilled over to affect Twitter, Tumblr, and Pinterest users.

Zendesk, which supplies customer service software for the three companies, said on its blog that hackers downloaded the email addresses of users who contacted the three social networks for support help, along with the subject lines of said support emails. The company claims that no other critical data has been accessed.

Zendesk discovered the breach earlier this week, then patched the vulnerability and closed off the hacker's access in short order. The company has more than 25,000 clients, but it said no other Zendesk customers were affected by the breach, which was apparently highly targeted.

Twitter's official support account noted that it emailed a small percentage of users who may have been affected by Zendesk's breach, and that no passwords were involved in the hack. In the email itself--which Reuters deputy social media editor Matthew Keys appropriately posted in a Twitpic--Twitter added it does not believe people need to take any action at this time, though the company also warned that any contact info included in support emails may have been compromised.

In another email to users affected by the breach, Tumblr said much of the information obtained by the hackers is "innocuous", but urged users to be suspicious of unexpected emails asking for their password. Pinterest also advised its users to use a strong password or change it if they have a weak key phrase.

Even though passwords were not hacked as part of this breach, Graham Cluley, a senior technology consultant at security firm Sophos, explained in a blog post this could have unpleasant ramifications: "For instance, the hackers who have stolen the email addresses could now craft malicious emails to the email addresses of Twitter, Pinterest and Tumblr users and try to trick them into clicking on dangerous links or attachments."

For users who received a notification emails from one of the three social networks, Cluley's advice is to "be very careful about emails you receive, and be cautious about opening unsolicited email attachments or clicking on embedded links."


IDG UK Sites

Motorola Moto G vs Nokia Lumia 530 comparison: What's the best budget smartphone

IDG UK Sites

Everything you need to know about Apple's iPhone Camera in iOS 8

IDG UK Sites

Why you shouldn't trust password managers

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer