Zendesk confirms its data security breach via an announcement posted on its website. Around 10,000 users became compromised in the breach. 700 of these accounts belonged to customers of the company.
The company is a customer support ticketing platform. According to ZDNet, it became aware of the breach on September 24, 2019, three years after hackers accessed its server. The breach originally dates back to November 2016.
Approximately 10,000 Zendesk accounts and users have been compromised by the incident. The information obtained by hackers includes full names, email addresses, and phone numbers of agents and users of Zendesk products. Apart from these, hashed and salted passwords from agents and end-users were also mined by hackers.
In addition to this sensitive and private information, the hacking entity also successfully accessed data from different Zendesk users. These include the Transport Layer Security (TLS) encryption keys and the configuration settings of applications found on the Zendesk app.
In the statement made on its website, Zendesk states that it became aware of the incident via a third party. Despite hackers gaining access to company information, the business maintains that they did not experience another breach in its system.
Addressing the Problem
To aid possibly affected individuals, the customer support ticketing platform is currently conducting an investigation surrounding the issue. It hired third-party forensic experts to determine the compromised information.
Moreover, it also alerted its internal data security response team to the issue. Its team is currently continuing investigations, with Zendesk promising full resources and cooperation on its end. The attention of law enforcement authorities and global regulatory organizations were also called immediately after being notified about the incident.
Following this, the customer support ticketing platform is in the process of communicating and informing all affected individuals. The company has also strengthened its customer accounts to address the issue.
Part of its solution is implementing password rotation for its customer service agents in its Support and Chat departments. The password rotation scheme is slated to affect the products and services of the company, including Guide, Talk, and Explore.
Zendesk also urges its users to change their passwords and other relevant credentials.
Based on the report released by ZDNet, this is the second data breach that impacted the company. The first breach happened in 2013, affecting only Pinterest, Tumblr, and Twitter.
However, this 2016 data breach could affect bigger company customers. Possible companies affected by this incident include Airbnb, Shopify, Slack, Tesco, and Uber, reports ZDNet.