2013 is turning out to be the year of the hacker, well at least it’s begun that way. So far the attacks have focused on media outlets, social media and tech giants, and one can only assume the government if the source is China as many suspect.
The New York Times, Washington Post and Wall Street Journal have all accused China of being responsible for the attacks on them, though it’s difficult to discern why they would be phishing for Maureen Dowd’s email password.
Last week saw Facebook Inc (NASDAQ:FB) come clean about an attack that utilized a Java zero-day exploit. Within hours of this announcement, Apple Inc. (NASDAQ:AAPL) was forced to reveal that they had been targeted by the same group using the same Java exploit.
Today saw users of Twitter, Tumblr, and Pinterest joining their ranks through an attack on a shared third-party customer service company, Zendesk.
Zendesk, who has more than 25,000 customers, allows their clients to outsource many of their customer service functions to it via software tools. It was Wired magazine rather than Zendesk, who “outed” the companies that were affected by the attack forcing Zendesk to respond to Wired.
“Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system,” says CEO, Mikkel Svane, on the company blog.
“We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines.
“We’re incredibly disappointed that this happened and are committed to doing everything we can to make certain it never happens again,” says Svane.
“We’ve already taken steps to improve our procedures and will continue to build even more robust security systems. We will continue to diligently work with our affected customers to mitigate any impact.”
This is not the first time that Twitter has been hit by hackers this month. In early February, Twitter reported that 250,000 of its users information had been compromised. Unlike this attack it included users’ passwords in addition to personal information.
In an email to affected users, Twitter wrote, “Zendesk’s breach did not result in the exposure of information such as Twitter account passwords. It may, however, have included contact information you provided when submitting a support request such as an email, phone number, or Twitter username.”
While this latest attack might seem fairly benign, it represents a growing wave of security issues that must be addressed to reassure customers worldwide.