Customer service solutions provider Zendesk has suffered a data breach that resulted from employee account credentials getting phished by hackers.
Cryptocurrency trading and portfolio management company Coinigy revealed last week that it had been informed by Zendesk about a cybersecurity incident.
According to the email received by Coinigy, Zendesk learned on October 25, 2022, that several employees were targeted in a “sophisticated SMS phishing campaign”. Some employees took the bait and handed over their account credentials to the attackers, allowing them to access unstructured data from a logging platform between September 25 and October 26, 2022.
Zendesk told Coinigy that, as part of its ongoing review, discovered on January 12, 2023, that service data belonging to the company’s account may have been in the logging platform data. Zendesk said there was no indication that Coinigy’s Zendesk instance had been accessed, but its investigation is still ongoing.
Zendesk does not appear to have published any statement or notice related to this incident on its website and the company has not responded to SecurityWeek’s inquiry.