Zendesk has confirmed a security breach enabled hackers to access their system and reportedly accessed user data belonging to Twitter, Tumblr and Pinterest.
The U.S.-based customer service software provider announced in a blog post on Thursday, a hacker downloaded e-mail addresses of users who contacted three of its clients for support, along with the e-mail subject lines. Zendesk enables companies to outsource many of their customer service functions to it via software tools, and has more than 25,000 clients, according to its Web site.
Zendesk said it has has since patched the vulnerability, blocked access to the hacker after learning about the cyberattack, and is working with its affected clients to assist in their response.
However, Wired news site has learnt Zendesk's three affected customers were social media sites Twitter, Tumblr and Pinterest. According to Wired, all three social media sites have sent e-mails notifying users that Zendesk, whom they used as their customer support vendor, had been breached, and user information had been accessed.
According to a source who spoke to Wired news site, some customers also may have had their phone numbers revealed, but no passwords, password hashes, or even encrypted passwords were revealed. Neither Twitter, Pinterest nor Tumblr are aware of any user accounts that were compromised by the attack.
This comes on the heels of last week's announcement by Facebook it had been hacked last month, caused by a Java zero-day exploit that has since been fixed. The social network maintained no user data was compromised. On Tuesday, Apple also revealed it was hacked by the same group that attacked Facebook, using the same Java exploit.