Customer service software provider Zendesk has suffered an internal systems breach, revealing that a hacker gained unauthorised access to its systems and stole details from three major customers.
The company posted a security update today to tell customer it had patched a vulnerability and closed the hole through which a hacker gained access to its system this week. An investigation had found the hacker accessed the support information for three major clients, the company said.
The hacker downloaded email addresses of users of those clients, according to the statement. The clients have been notified.
Zendesk’s cloud-based customer support platform services more than 25,000 customers globally.
Twitter was one of the three clients affected. Pinterest and Tumblr were also hit, Wired reported.
Twitter’s support account said the company was emailing a small percentage of Twitter users who may have been affected by Zendesk's breach, but said no passwords were involved.
Both Tumblr and Pinterest emailed users warning them to be wary of emails purporting to be from either social media company, Wired reported. Both said they would never ask customers for passwords, and were working with law enforcement to understand the attack and protect user safety.
“We apologise to our customers and to their users,” Zendesk said in a statement.
"We’re incredibly disappointed that this happened and are committed to doing everything we can to make certain it never happens again. We’ve already taken steps to improve our procedures and will continue to build even more robust security systems.
"We will continue to diligently work with our affected customers to mitigate any impact.”