Zendesk Discloses Chat Data Breach
Zendesk has disclosed a data beach involving 10,000 Zendesk Support and Chat accounts. The IT service management (ITSM) and customer service support provider learned of the breach on September 24, 2019 — though the actual issue occurred before November 2016.
Zendesk’s stock fell about 4 percent as investors digested the breach disclosure news today (Wednesday, October 2, 2019).
The breach involved personally identifiable information (PII) and other Service Data. The PII information spanned:
- Email addresses, names and phone numbers of agents and end-users of certain Zendesk products, potentially up to November 2016.
- Agent and end user passwords that were hashed and salted – a security technique used to make them difficult to decipher, potentially up to November 2016.
Still, Zendesk — which has been building a partner program — found no evidence that those passwords were used to access any Zendesk services in connection with the incident. Also, the company has found no evidence that ticket data was accessed in connection with this incident.
Authentication Information: At Risk for Some Customers?
Moreover, the incident involved certain authentication information for approximately 700 customer accounts. That portion of the breach involved:
- Transport Layer Security (TLS) encryption keys provided to Zendesk by customers.
- Configuration settings of apps installed from the Zendesk app marketplace or private apps. This may include integration keys used by those apps to authenticate against third party services.
Zendesk posted a frequently asked questions/FAQ page as well as an email address (firstname.lastname@example.org) for those who may have more questions about the incident. The company is also reaching out to all customers that were potentially impacted by the breach.
Hackers Target IT Support Software Platforms
Hackers have increasingly targeted chat, remote control and RMM (remote monitoring and management) software platforms that MSPs leverage.
The fallout has included:
- An MSP paying hackers $150,000 to unlock data;
- hackers specifically targeting MSP software platforms to launch ransomware attacks; and
- Ryuk ransomware hitting a CSP that works closely with MSPs.
Hackers worldwide have been hitting MSPs of all sizes — not just global technology service providers. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Amid those challenges, the MSP industry (spanning technology companies, service providers and more) could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.
Amid that threat landscape, MSP software providers and their channel partners are increasingly activating two-factor authentication as a means to stop hackers from entering systems.