Skip to main content

Twitter, Tumblr, and Pinterest warn of privacy risk after customer support company Zendesk is hacked (update)

Twitter, Tumblr, and Pinterest warn of privacy risk after customer support company Zendesk is hacked (update)

Share this story

tumblr ios iphone
tumblr ios iphone

The last few weeks have seen a flood of companies being hacked or otherwise attacked online, and the latest is customer-support company Zendesk and some of its clients — including Tumblr. In a post on its blog, Zendesk states that it discovered a hacker had accessed its systems this week, allowing information from three of the company's customers to be downloaded. The problem has since been corrected — and an investigation is ongoing — but Zendesk believes that the attacker was able to retrieve email addresses and subject lines from support emails sent to its clients.

Emails to several different Tumblr addresses may have been vulnerable

As it turns out, one of those clients is Tumblr. In a email sent to potentially-affected customers tonight, Tumblr reiterates the claims made by Zendesk, specifying that emails sent to several Tumblr support addresses may have been vulnerable: support@tumblr.com, abuse@tumblr.com, dmca@tumblr.com, legal@tumblr.com, enquiries@tumblr.com, and lawenforcement@tumblr.com.

Tumblr warns that some emails may have included the name of a user's website, allowing the individuals behind the attack to pair email addresses with the websites themselves — and any other potentially-sensitive information included in the subject lines. "Your safety is our highest priority," Tumblr writes in its email. "We're working with law enforcement and Zendesk to better understand this attack. Please monitor your email and Tumblr accounts for suspicious behavior, and notify us immediately if you have any concerns." We've reached out to Tumblr for comment.

Update: It looks like Twitter and Pinterest are the other two Zendesk clients affected by the breach. Wired has republished similar emails from the two companies warning users that information in support emails may have been compromised.