Zendesk security breach in the year 2016 exposed data of around 10,000 customers

In the year 2016, Zendesk has suffered from a security breach which has exposed data of around 10,000 users, including email addresses, usernames, phone numbers, and passwords. Currently, Zendesk software has been used by many major organizations globally, including Uber, Airbnb, Shopify, and Slack. Zendesk says that 145,000 entities in 160 countries as well as territories are using their customer support platform.

Recently, the company has learned about this hack from a third-party. The security notice published by the company for disclosing this incident said that "we recently were alerted by a third party regarding a security matter that may have affected the Zendesk Support and Chat products and customer accounts of those products activated prior to November of 2016".

The security notice further said that "while our investigation is still ongoing, on September 24, 2019, we determined that information belonging to a small percentage of customers was accessed". The breach does not seem to affect the Zendesk Support and Chat accounts that were activated after Nov. 1, 2016.

The ongoing investigation, as of Sep. 24, 2019, determined that around 10,000 accounts, including the expired trial accounts as well as inactive accounts, have been impacted. For approximately 700 accounts, the hackers might have also accessed the TLS encryption keys as well as configuration settings for the apps. The configuration data may include the integration keys that were used by the applications so as to authenticate on the third-party services.

Zendesk said that it has not found any evidence till now, that ticket data has been compromised because of this incident. Zendesk also noted that the BIME, Connect, Sell as well as Smooch products have not been affected.

This customer service software company has also decided to notify all impacted users. Moreover, Zendesk has contacted the law enforcement along with forensics experts to help in their investigation about this incident.

"Our security team is committed to determining the full extent of the data exposure and we will update you if we learn of any additional information that pertains to unauthorized access to your account so you can take appropriate proactive measures to protect your business," concludes Zendesk.

» SPAMfighter News - 10/21/2019