Update - March 3, 2016: For up-to-date information on how Zendesk stays current with best-in-breed security practices, visit Zendesk Security. Major updates since the below post include the addition of certifications such as our Soc 2 Type II and ISO 27001.
Original post published on Feb 21, 2013 below:
We feel that it's important our customers receive an update from us on a recent security situation. We have an investigation underway and do not have the answer to every question.
We've become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.
We apologize to our customers and to their users.
Our investigation thus far has revealed that no other Zendesk customers (or their users) were affected.
We're incredibly disappointed that this happened and are committed to doing everything we can to make certain it never happens again. We've already taken steps to improve our procedures and will continue to build even more robust security systems. We will continue to diligently work with our affected customers to mitigate any impact.
We are also completely committed to working with authorities to bring anyone involved to justice and make certain we fully understand what happened. As this process unfolds, we aim to update our customers in as transparent and timely a manner as possible about new developments.
Should you have any questions, please contact us at (415) 287-9976 or firstname.lastname@example.org.