The phone numbers, emails, and email subject lines of users who contacted three major Internet companies for support have been compromised after hackers infiltrated Zendesk’s system. The three customers: Twitter, Pinterest and Tumblr, according to a Wired report.
No passwords were compromised in the attack and an investigation is underway by authorities.
Zendesk, which provides customer service and support tools to some 25,000 companies, announced the company was compromised in a blog post by CEO Mikkel Svane on Thursday.
“We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had.”
But, as Nick Statt writes for ReadWriteHack, the hacker could use the gained information to launch phishing and other attacks on the compromised users.
Tumblr, Pinterest, and Twitter each sent emails to compromised users suggesting they carefully inspect any email they receive. Tumblr reminded users that company officials will never ask for a password by email in their statement, and to beware of any unexpected emails from the company.
“Your safety is our highest priority,” Tumblr wrote. “We’re working with law enforcement and Zendesk to better understand this attack. Please monitor your email and Tumblr accounts for suspicious behavior, and notify us immediately if you have any concerns.”
Twitter and Pinterest echoed Tumblr in their own statements.
Twitter, facing its second major hacking issue in a year, is taking additional steps in trying to stem such attacks. The company announced on Thursday that it’s been using Domain-based Message Authentication, Reporting & Conformance (DMARC) in its emails to protect user information. The email-based protocol is young, Twitter writes , but it has been adopted by some significant companies like Gmail and Yahoo! Mail as well.
But, as Statt notes, quickly adopting new protocols may not be enough to protect users, saying that companies “need more proactive security measures.” Whether Twitter, Pinterest or Tumblr will adopt such measures remains to be seen.