Zendesk Alerts Users Of Data Breach That Occurred in 2016!

Sometimes it takes months or even years for companies to detect a security breach. A similar thing has happened with the popular customer support platform Zendesk. Recently, Zendesk has disclosed a data breach that dates back to 2016.

Zendesk Data Breach

The customer support ticketing platform Zendesk has confessed to a security incident affecting thousands of customers. As revealed, Zendesk suffered a data breach back in 2016 that impacted 10,000 users.

In a recent security notice, the firm disclosed the incident that remained undetected for around three years. The firm noticed this breach after a security alert from a third-party that affected Zendesk. Nonetheless, it allegedly hit only a small subset of users.

As stated by the firm,

On September 24, we identified approximately 10,000 Zendesk Support and Chat accounts, including expired trial accounts and accounts that are no longer active, whose account information was accessed without authorization prior to November of 2016.

This breach specifically affected Zendesk Support and Chat products. The breached information could include some PII data of some users. Precisely, it included names, email addresses, contact numbers of agents and end-users, and hashed & salted passwords of both the agents as well as the end-users.

Whereas, for some 700 accounts, the information also included TLS encryption keys and app configuration settings.

Security Measures Underway

Upon noticing the breach, Zendesk implemented numerous measures in an attempt to ensure security. They also launched a thorough investigation of the matter that also involves third-party forensic experts. Also, they have reported the matter to law enforcement agencies.

Moreover, they have also informed the affected customers regarding the breach. They are also implementing password rotations requiring users to set new passwords who have not done so since November 1, 2016.

While Zendesk continues the investigation, for more details, users can visit their dedicated FAQ page.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients