It seems that no big company is safe from cyber-criminals right now: a hack attack on customer support service company Zendesk may have exposed user data from social networking websites Twitter, Tumblr and Pinterest.
Zendesk, a customer service outsourcing firm that caters to over 25,000 clients, yesterday announced a security breach of its systems. This breach exposed user data of three of their unnamed customers to hackers. The three customers were later reported to be Twitter, Tumblr and Pinterest. The company said it believed that the hackers downloaded email addresses of users who contacted the three companies for support, as well as support email subject lines.
Zendesk promptly patched the vulnerability and closed the access the hackers apparently had. The company also alerted the three social networking websites and is said to be assisting them in their response.
Zendesk isn't quite as blissful now
Following the development, Tumblr promptly sent out an email to affected members informing them about the breach, “The subject lines of your emails to Tumblr Support may have included the address of your blog, which could potentially allow your blog to be unwillingly associated with your email address. Any other information included in the subject lines of emails you’ve sent to Tumblr Support may be exposed. We recommend you review any correspondence you’ve addressed to firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, or email@example.com.” The mail added, “Tumblr will never ask you for your password by email. Emails are easy to fake and you should be suspicious of unexpected emails you receive.”
Pinterest too shot out a mail to affected users warning them to be careful about mails asking for unnecessary information. The company asked users to get in touch with it if they find suspicious mails that look like they’ve come from Pinterest.
This hack comes as a double blow to Twitter, which recently fell prey to a major attack this month. The micro blogging site had revealed that 250,000 user accounts could have been compromised in that attack.
Twitter wrote on its blog that it detected "unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data." The company claimed that it managed to detect and shut down a live attack within moments, but its investigation had indicated that the attackers may have found limited user information.
Twitter wrote that the hackers could have had access to usernames, email addresses, session tokens and encrypted/salted versions of passwords for about 250,000 users. As a precautionary measure, Twitter sent out emails to these users letting them know that the site had reset their passwords and revoked security tokens for their accounts. All these users had to create new passwords to access their accounts.
With the hack on Zendesk, Twitter clarified that user account information, like passwords, was not exposed. The stolen information may, however, include contact information users provided when submitting a support request such as an email, phone number, or Twitter username. “We do not believe you need to take any action at this time but wanted to ensure that you were notified of this incident,” the company wrote.