Zendesk, the customer service solutions provider, suffered a data breach after hackers phished employee account credentials. Last week, the cryptocurrency trading and portfolio management firm Coinigy disclosed that Zendesk had warned it of a cybersecurity breach.
According to the email that Coinigy received, Zendesk discovered on October 25, 2022, that multiple employees had been the victims of a “sophisticated SMS phishing campaign.” Several employees fell for the lure and gave the attackers their login information, which allowed the attackers to obtain unstructured data from a logging platform between September 25 and October 26, 2022.
Zendesk informed Coinigy that on January 12, 2023, as part of its continuing investigation, it found that service data related to Coinigy’s account may have been in the logging platform data. According to Zendesk, Coinigy’s Zendesk instance was not accessed, but the investigation is still underway. Zendesk does not appear to have posted a comment or notification about the incident on its website, and the business hasn’t replied to questions from the media.
However, based on the information at hand, it is possible that the attack on Zendesk is connected to the 0ktapus campaign, in which a threat actor with apparent financial motivation targeted more than 130 organizations between March and August 2022, including well-known firms like Cloudflare and Twilio. Cryptocurrency firms were among the victims of the 0ktapus attackers, who employed SMS-based phishing messages to steal employee login information.
It’s probable that the same hackers who attacked Twilio and Cloudflare in August also attacked Zendesk, since there was no sign that the campaign had ended. While Coinigy appears to have learned of the data breach from Zendesk only in January 2023, other victims seem to have known about it far earlier.
In November, the US-based cryptocurrency exchange Kraken alerted users about a breach involving Zendesk that entailed phishing and unauthorized access to the logging system. According to Kraken, accounts and funds were not in danger at the time, but the attackers viewed the content of support requests, including details like name, email address, date of birth, and phone number. This is not the first data breach that Zendesk has acknowledged. The business disclosed in 2019 that it had learned of a security breach that affected about 10,000 accounts.