Home Zendesk Hack Compromises User Data Of Twitter, Tumblr & Pinterest

Zendesk Hack Compromises User Data Of Twitter, Tumblr & Pinterest

What better way to celebrate the week hackers ran rampant than with another security breach? Zendesk, a company that offers IT support tools and customer service software, announced on Thursday that it had been hacked. In a blog post, CEO Mikkel Svane stated, “We’ve become aware that a hacker accessed out system this week,” though he did not say by which method or for how long.

What separates this attack from the malicious malware that infected machines at Facebook and Apple is that these hackers managed to compromise a healthy amount of Zendesk’s stored user data, putting users of three of the company’s big clients – Twitter, Tumblr and Pinterest – at risk for phishing and other attacks.

“Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system,” wrote Svane, adding, “We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines.”

Svane did not specifically cite Tumblr, Twitter and Pinterest, but support emails sent out from the companies informing users of the attack confirms that user data could have been compromised indirectly. While usernames and passwords were not compromised, the threat of individualized attacks aimed at gaining access to accounts and stealing personal information does exist.

Tumblr, for example, sent out emails stating the following: 

“The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address.”

It went on to advise users to review any emails received from support, abuse, dmca, legal, enquiries or lawenforcement with a @tumblr.com tagged on the end. The fear is that hackers, equipped with people’s email addresses and the issues they raised with specific departments at a service like Tumblr, could then phish users with a masked version of that same address.

Tumblr’s support email ended with a warning along those very lines: “Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive.”

While it’s not exactly comforting to know that you should be suspicious of any and all “unexpected emails,” companies like Twitter are taking measures to ensure that the tools are in place to help flag these attacks if they do occur.

In a public announcement yesterday, Twitter said that it has been utilizing DMARC authenticaion technology  to help lessen the risk of users giving away personal information. Using established authentication protocols, DMARC gives email providers a way to block email from forged domains. “While this protocol is young, it has already gained a significant traction in the email community with all four major email providers – AOL, Gmail, Hotmail/Outlook, and Yahoo! Mail – already on board…” the post reads.

While its good to know that Twitter is addressing the hacker threat alongside its fellow social network giants, all these measures are merely reactionary moves following widespread breaches. The Zendesk hack makes it abundantly clear that we need more proactive security measures that include third-parties to keep these attacks from wreaking havoc. Until then, the hackers will keep succeeding, and users will pay the price. 

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.