Data on an unknown number of Twitter, Tumblr and Pinterest users is at risk after customer service software provider Zendesk was hacked.
It says that information was downloaded on users of three of its clients, whose identities were outed by Wired. Affected users have already been contacted by the company, it says.
“Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system,” says CEO Mikkel Svane on the company blog.
“We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines.”
This latest hack comes just days after attacks on Apple and Facebook, both of which used the same Java zero-day exploit. It’s not clear how the Zendesk attack was carried out, but Zendesk says it’s investigating.
“We’re incredibly disappointed that this happened and are committed to doing everything we can to make certain it never happens again,” says Svane.
“We’ve already taken steps to improve our procedures and will continue to build even more robust security systems. We will continue to diligently work with our affected customers to mitigate any impact.”
Things could be worse: passwords weren’t revealed, says Zendesk. It appears that the only data stolen was email addresses and subject lines, although it’s possible some phone numbers were exposed too. Subject lines may, though, be revealing in the case of Tumblr users, who are likely to have included their blog addresses in emails to customer support.