Freshdesk is a SaaS helpdesk and support product used by more than 100,000 companies worldwide. During a security review for one of our customers, we came across a vulnerability in Freshdesk that exposed the chats and data of all end users of Freshdesk customers who were using the Freshdesk mobihelp Mobile SDK. Freshdesk has promised to inform all affected customers and to deprecate the current SDK. We reported the issue on 12 Dec 2016. A temporary fix was deployed the same day, and the issue was completely fixed on 26 Dec 2016.

It should be noted that your users' data can leak through any third-party software you use, including customer support, analytics and . If possible, minimise the personally identifiable information you send to other systems, limiting it to what is absolutely required. Zendesk, a Freshdesk competitor, has also disclosed a vulnerability in the past.

Here is the mail that was sent to Freshdesk describing the technical details of the issue.