updated 11:27 pm EST, Thu February 21, 2013
User emails, subject lines, and email headers potentially downloaded
In a post on its blog, customer support outsourcing firm Zendesk has reported that a hacker had penetrated its systems, and had purloined data from its customers, including Tumblr, Twitter, and Pinterest. Zendesk officials believe that the attacker was able to download email addresses and subject lines from support mails sent to its clients.
In an email sent to its clients, Tumblr says that emails sent to its support, abuse, DMCA, legal, enquiries, and law enforcement mail boxes were vulnerable to data loss. Tumblr wants that some emails may have included the name of a user's website, giving the attacker the capability to pair email addresses with the websites, and any other sensitive information included in the email header.
Tumblr writes in its email that "we're working with law enforcement and Zendesk to better understand this attack. Please monitor your email and Tumblr accounts for suspicious behavior, and notify us immediately if you have any concerns." Similar emails have been sent from Twitter and Pinterest informing users of the breach.
The Zendesk blog post notes that the company is working with law enforcement to determine the perpetrator of the attack. The post claims that "we are also completely committed to working with authorities to bring anyone involved to justice and make certain we fully understand what happened. As this process unfolds, we aim to update our customers in as transparent and timely a manner as possible about new developments."