Zendesk Breach Hits 10,000 Corporate Accounts (Oct 3, 2019)
Zendesk has disclosed a breach going back to 2016, affecting 10,000 corporate accounts. These accounts, accessed by an unauthorized third party, include high profile clients such as Airbnb, OpenTable, and Uber. The information accessed includes email addresses, end-user passwords, names, and phone numbers, along with configuration settings for apps installed via Zendesk marketplace. Users who haven’t updated their passwords since 2016 will be required to upon signing in. No information was provided on how the breach occurred.
Recommendation: For accounts dating back to 2016, Zendesk are recommending uploading new TLS certificates and revoking old ones. Users are also being recommended to rotate authentication credentials used in Zendesk products before the November date.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.