A security breach at cloud-based customer support vendor Zendesk has exposed personal information including email addresses of Twitter, Pinterest, and Tumblr users, the company in a blog post.
We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.
Twitter, Tumblr and Pinterest alerted affected users via email.
In addition to users’ email addresses, associated subject lines of the three social media companies’ support emails were compromised. Tumblr warned users that because subject lines could include their blog addresses, hackers may be able to associate their emails with their blogs. But there’s no indication they accessed any passwords or other data.
San Francisco-based Zendesk is used by some 25,000 companies. Other customers include Sony Music, Disney, Vodafone, Groupon and Kickstarter.
Twitter is sending below message to it users.
Twitter – along with a number of other companies – uses a customer support portal called Zendesk. Zendesk recently blogged about a significant security breach. In order to ensure those who may be impacted by this breach are notified as quickly as possible, we are sending this notification to all email addresses, including this one, that we believe could have been involved.
Zendesk’s breach did not result in the exposure of information such as Twitter account passwords. It may, however, have included contact information you provided when submitting a support request such as an email, phone number, or Twitter username. Further information about the breach can be found in their blog post.
We do not believe you need to take any action at this time but wanted to ensure that you were notified of this incident.
Tumblr is sending below email to its users.
Important information regarding your security and privacy
For the last 2.5 years, we’ve used a popular service called Zendesk to store, organize, and answer emails to Tumblr Support. We’ve learned that a security breach at Zendesk has affected Tumblr and two other companies. We are sending this notification to all email addresses that we believe may have been affected by this breach.
This has potentially exposed records of subject lines and, in some cases, email addresses of messages sent to Tumblr Support. While much of this information is innocuous, please take some time today to consider the following:
The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address.
Any other information included in the subject lines of emails you’ve sent to Tumblr Support may be exposed. We recommend you review any correspondence you’ve addressed to firstname.lastname@example.org, email@example.com, firstname.lastname@example.org,email@example.com, firstname.lastname@example.org, or email@example.com.
Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive.
Your safety is our highest priority. We’re working with law enforcement and Zendesk to better understand this attack. Please monitor your email and Tumblr accounts for suspicious behavior, and notify us immediately if you have any concerns.
And, Pinterest is sending below email.
An important notice about security on Pinterest
We recently learned that the vendor we use to answer support requests
and other emails (Zendesk) experienced a security breach.
We’re sending you this email because we received or answered a message from you using Zendesk. Unfortunately your name, email address and subject line of your message were improperly accessed during their security breach. To help keep your account secure, please:
Don’t share your password. We will never send you an email asking for your password. If you get an email like this, please let us know right away.
Beware of suspicious emails. If you get any emails that look like they’re from Pinterest but don’t feel right, please let us know—especially if they include details about your support request.
Use a strong Pinterest password. Hackers can sometimes guess very short passwords with no letters or symbols. If your password is weak, you can create a new one.
We’re really sorry this happened, and we’ll keep working with law enforcement and our vendors to ensure your information is protected.
Few days back Apple Inc was attacked by hackers who infected Macintosh computers of some employees.
Few weeks back the microblogging website Twitter has confirmed that unidentified hackers had accessed the website and obtained the data of up to 250,000 of its users.
Twitter, The New York Times, The Wall Street Journal, The Washington Post and the U.S. Department of Energy were also affected by hackers in past few weeks.
China has been accused of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics.
U.S. cyber security firm Mandiant reported over the weekend that it has uncovered evidence that the Chinese military is behind a slew of cyber attacks on U.S. businesses. The White House said it has repeatedly raised concerns about Chinese cyber theft with Beijing.