The customer support software company has announced a data breach dating back to 2016, impacting nearly 10,000 clients.
In a blog post, Zendesk stated that it had been alerted by a third party about a security matter which may have impacted the “Zendesk Support and Chat products and customer accounts of those products activated prior to November of 2016.”
Approximately 10,000 Zendesk Support and Chat accounts, including expired trial accounts and accounts that are no longer active, had been identified as having their account information accessed without authorisation prior to November 2016.
Following an investigation, it was discovered that agent and end-user names, contact information, usernames and hashed and salted passwords might have been accessed.
Additionally, authentication information for approximately 700 accounts was also accessed including; Transport Layer Security (TLS) encryption keys provided to Zendesk by customers were also accessed, as well as the configuration settings of apps installed from the Zendesk app marketplace or private apps.
There has been no evidence to show that the passwords were used to access Zendesk services.
“As a precautionary measure, in the next 24 hours, we are starting to implement password rotations for all active agents in Support and Chat, and all end users in Support created prior to November 1, 2016,” said Zendesk.
“This password rotation will impact all other products which share authentication with Support, including Guide, Talk and Explore. Upon their next login, each of these users will be required to create a new password. You will not be impacted by this if we have been able to identify that you have updated your password since November 1, 2016 or have implemented Single Sign-on in connection with your account.”