How an SMS message allowed attackers to take control of Zendesk's network

Zendesk, a company that provides customer care solutions, was breached on October 25, 2022 as a direct consequence of an advanced SMS phishing attack directed at the company’s workers. Using the workers’ compromised account credentials, the threat actor gained access to unstructured data from a logging platform for a period of one month, beginning on September 25, 2022 and ending on October 26, 2022.

Customers affected by the security breach received an email with more information on the issue, although the firm did not publish an official notice or disclosure on its website. Coinigy, a company that offers services related to virtual wallets, was one of the affected organizations and received an email from Zendesk support on January 13, 2023. In its article about the breach, Coinigy indicated that it believed it was necessary to report the incident to its customers, and it made the email sent by Zendesk public.

The email sent by Zendesk provided the explanation: “Zendesk assessed that Service Data relating to your coiningy.zendesk.com account may have been among the (exposed) unstructured logging platform data.” “There is no evidence to imply that the threat actor accessed the Zendesk instance of your coiningy.zendesk.com account at any point,” the message reads. “[Y]our account has not been compromised.”

Although Coinigy was made aware of the problem in January 2023, it seems that Zendesk contacted other victims somewhat sooner. Kraken, an exchange for Bitcoin and other cryptocurrencies, alerted its clients in November to a security issue that had occurred with Zendesk.

According to statements made by Kraken, the attackers were able to examine the contents of support tickets. These tickets included information such as names, email addresses, dates of birth, and phone numbers. The exchange also said that customer accounts and cash were not at risk.