Compromised Zendesk Employee Credentials Lead to Breach

Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.

Zendesk login screen
Source: Sharaf Maksumov via Alamy Stock Photo

It has come to light that the Zendesk software-as-a-service (SaaS) company for customer relationship management (CRM) was compromised in October, exposing client account data to a threat actor, according to an email sent to affected accounts on Jan. 13, 2023.

The email from Zendesk with the details of the security incident was made public by Coinigy, which provides virtual wallet services and "felt the need to disclose it to our customers," Coinigy's post about the compromise explained.

Zendesk explained in the email to Coinigy that the breach was the result of an SMS phishing campaign targeting Zendesk employees.

"Zendesk determined that Service Data belonging to your account may have been in the (exposed) unstructured logging platform data," the email from Zendesk explained. "There is no evidence suggesting the threat actor accessed the Zendesk instance of your account at any time."

Besides applauding Coinigy's decision to publicly share the compromise details, security researcher Jake Williams was not as encouraged by Zendesk's response.

"The disclosure is vague and references 'unstructured data from a logging platform' which could be just about anything," Williams tells Dark Reading. "The disclosure simply doesn't give enough information for any organization to evaluate what (if anything) they need to do in response."

There's been no word yet as to whether other customers of Zendesk beyond Coinigy are affected.

Zendesk did not respond to Dark Reading's request for comment.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights