Zendesk, a customer service software provider, announced Wednesday that up to 10,000 of its support and chat accounts may be impacted by a November 2016 data breach. Zendesk learned of the breach on September 24, 2019, after it was alerted by a third-party, almost three years after the breach took place.
As a precaution, Zendesk will begin resetting passwords for users that registered before November 2016. Zendesk has numerous high-profile clients—Uber, Airbnb, and Squarespace, to name a few—that could have been affected; alarmingly, Zendesk suffered a similar cyber incident in February 2013, impacting notable companies including Twitter and Pinterest.
It’s common for companies to learn from partners or other third parties that they have experienced a data breach. Often, when a company is probing its own defenses, it may come upon data that appears to be from a single source, and may point to a breach at another victim. Zendesk has not provided much detail about this incident, but the announcement follows a notification from the delivery service DoorDash confirmed a breach affected 4.9 million customers, workers and merchants.