Data breach in Zendesk; over 10k companies affected. Find out if your company’s data was exposed

Data protection specialists report a data breach at customer support software company Zendesk that would have compromised information from about 10k accounts of Support and Chat services created prior to November 2016. The company is currently notifying its customers. Zendesk services are used by nearly 150k companies around the world, including Uber, Airbnb and Shopify.

According to reports, it was a third party which notified the company about the incident that affected its products and the accounts of customers with activity prior to the aforementioned date.

In a statement, the company said: “Our investigation is still ongoing; however, we have already been able to confirm that information belonging to a small portion of our customers has been compromised during this incident.”

Zendesk states that it has so far not been possible to determine whether all accounts created before November 2016 were affected; as a security measure, the company decided to notify about the data theft to all account owners.

So far, the company has been able to conclude that the compromised details include:

  • Usernames and hashed passwords
  • Transport Layer Security (TLS) certificates
  • Details about service settings, including integration keys and passwords used in Zendesk apps

In addition to the notification, Zendesk published a list of some security tips for potentially affected users. According to data protection specialists, the list includes recommendations such as:

  • Reset login credentials for any Sendesk service or other private applications
  • In case the user uploads a TLS certificate still in force in Zendesk before the mentioned date, it is recommended to upload a new certificate, revoking the previous one

This is not the first time a similar incident occurs in Zendesk. In 2013, data protection specialists from the International Institute of Cyber Security (IICS) reported a data breach in the company; on that occasion, a hacker managed to infiltrate several Zendesk systems to access user data without authentication or authorization.