February 27, 2013
Twitter, Pinterest and Tumblr have all warned users that some of their personal data might have been compromised following a security breach at customer service software provider Zendesk.
Zendesk disclosed the security breach on its blog Thursday evening, noting that a hacker broke into its system this week, and gained access to the support information of three major customers. The company believes the hacker downloaded the email addresses of Tumblr, Twitter, and Pinterest customers who attempted to get support from the companies.
All three companies promptly notified users of the data breach. Twitter said the incident affected a "small percentage" of users.
"Zendesk's breach did not result in the exposure of information such as Twitter account passwords," Twitter wrote in a message to affected users, according to Wired. "It may, however, have included contact information you provided when submitting a support request such as an email, phone number, or Twitter username."
Pinterest and Tumblr sent similar messages. The companies advised affected users to be cautious of any unexpected emails they receive.
"Don't share your password," Pinterest warned. "We will never send you an email asking for your password. If you get an email like this, please let us know right away.
Upon discovering the attack, Zendesk patched the vulnerability, closing the hackers' access to its system, the company said. Zendesk has also taken steps to improve the security of its systems to ensure a similar incident does not recur.
"We are also completely committed to working with authorities to bring anyone involved to justice and make certain we fully understand what happened," Zendesk said.
Though it does not appear that any passwords were taken, the hack could still have serious ramifications, Graham Cluley, senior technology consultant at anti-virus firm Sophos, wrote in a blog post Friday.
"For instance, the hackers who have stolen the email addresses could now craft malicious emails to the email addresses of Twitter, Pinterest, and Tumblr users and try to trick them into clicking on dangerous links or attachments," Cluley wrote. Affected users should be cautious about opening any attachments in unsolicited emails or clicking on embedded links.
Quality News Today is an ASQ member benefit offering quality related news
from around the world every business day.