News

Zendesk Finds Out About Data Breach Three Years After it Occurred

Giulio Saggin
Giulio Saggin
Tuesday 28 November 2023

Customer service software company Zendesk has been alerted to a data breach that occurred three years ago.

A third party told Zendesk about the attack, which impacted customer accounts that were activated before November 1, 2016. According to a Zendesk blog post, the attack affected the Support and Chat accounts of around 10,000 users. The data that was accessed included email addresses, names and phone numbers of agents and end-users of certain Zendesk products, and agent and end user passwords that were hashed and salted.

Zendesk also said another 700 customer accounts had authentication information accessed, including "Transport Layer Security (TLS) encryption keys provided to Zendesk by customers" and "configuration settings of apps installed from the Zendesk app marketplace or private apps. This may include integration keys used by those apps to authenticate against third party services."

Zendesk - the customers of which number around 145,000 and include Uber, Airbnb, Shopify, Slack, OpenTable and Zoosk - has gone into damage mode.

The company launched an investigation into the incident and engaged the services of a team of external forensic experts, as well as activating their own internal data security response team and protocol, and informing law enforcement and global regulatory agencies.

"Customers are being informed directly and kept up-to-date with the processes put in place to safeguard their accounts and data, while the Zendesk Security teams are also informing them of additional actions they can take themselves," said Maarten Van Horenbeeck, Chief Information Security Officer with Zendesk. "We are also implementing password rotations for all active agents in Support and Chat, and all end users in Support created prior to November 1, 2016."

This isn't the first time Zendesk has been breached. In 2013 a hacker infiltrated the company's systems and accessed the data of numerous customers. At the time Zendesk said they had "taken steps to improve our procedures and will continue to build even more robust security systems."

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203