Zendesk Finds Out About Data Breach Three Years After it Occurred

Customer service software company Zendesk has been alerted to a data breach that occurred three years ago.

A third party told Zendesk about the attack, which impacted customer accounts that were activated before November 1, 2016. According to a Zendesk blog post, the attack affected the Support and Chat accounts of around 10,000 users. The data that was accessed included email addresses, names and phone numbers of agents and end-users of certain Zendesk products, and agent and end user passwords that were hashed and salted.

Zendesk also said another 700 customer accounts had authentication information accessed, including "Transport Layer Security (TLS) encryption keys provided to Zendesk by customers" and "configuration settings of apps installed from the Zendesk app marketplace or private apps. This may include integration keys used by those apps to authenticate against third party services."

Zendesk - the customers of which number around 145,000 and include Uber, Airbnb, Shopify, Slack, OpenTable and Zoosk - has gone into damage mode.

The company launched an investigation into the incident and engaged the services of a team of external forensic experts, as well as activating their own internal data security response team and protocol, and informing law enforcement and global regulatory agencies.

"Customers are being informed directly and kept up-to-date with the processes put in place to safeguard their accounts and data, while the Zendesk Security teams are also informing them of additional actions they can take themselves," said Maarten Van Horenbeeck, Chief Information Security Officer with Zendesk. "We are also implementing password rotations for all active agents in Support and Chat, and all end users in Support created prior to November 1, 2016."

This isn't the first time Zendesk has been breached. In 2013 a hacker infiltrated the company's systems and accessed the data of numerous customers. At the time Zendesk said they had "taken steps to improve our procedures and will continue to build even more robust security systems."

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.