The Inquirer-Home

Twitter, Tumblr and Pinterest users hit by Zendesk hack

Email addresses and personal data stolen
Fri Feb 22 2013, 16:33
Cyber crime

USERS OF SOCIAL NETWORKING WEBSITES Twitter, Tumblr and Pinterest have been hit by a hacking attack at Zendesk, which hosts customer service software for the three companies.

Zendesk confirmed the bad news on its website, sheepishly admitting that it had fallen victim to online hackers.

Zendesk CEO Mikkel Svane said, "We've become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had.

"Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system," he added, and although Twitter, Tumblr and Pintrest weren't mentioned, their names were soon outed online.

Svane continued, "We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

"We apologize to our customers and to their users. Our investigation thus far has revealed that no other Zendesk customers (or their users) were affected."

Twitter emailed some users to warn about the hack, alerting users to the fact that some of their information, such as phone numbers, may have been stolen.

The email read, "Zendesk's breach did not result in the exposure of information such as Twitter account passwords. It may, however, have included contact information you provided when submitting a support request such as an email, phone number or Twitter username,"

Tumblr and Pinterest, on the other hand, emailed users to warn that their email addresses might have also been exposed during the hack.

Security experts at Sophos have warned those affected by the attack to keep a keen eye on emails and links they click on within them, saying that although no passwords were stolen in the breach, it's still a serious attack.

Sophos senior security consultant Graham Cluley said, "Even though passwords were not taken as part of this hack (Zendesk wouldn't have had access to those - which is a relief), this is still a serious security incident which could have unpleasant ramifications.

"For instance, the hackers who have stolen the email addresses could now craft malicious emails to the email addresses of Twitter, Pinterest and Tumblr users and try to trick them into clicking on dangerous links or attachments." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Dead electronic devices to be banned on US-bound flights

Will the new rules banning uncharged devices be effective?