The big picture here is that three customers' data was compromised -- customers in this context means entire platforms using Zendesk for support, not users. If the customers were, say, WePay, Box.net and OpenTable (random companies taken from their portfolio), this is potentially hundreds of thousands of users.
Also, it is a big deal because (as a former support person I know this), users often send in sensitive info with their support requests: SSNs, full credit card info with CVV data, date of birth (yes, sometimes all in the same message).
It doesn't sound like the investigation is complete, so we really don't know what was exposed. If this was a sophisticated intrusion, the attackers may have covered the evidence that a lot more was taken, but just didn't quite get it all cleaned up.
What a short-sighted comment. Dig a little further down. If this is their response to an issue that affects three customers, it sends a message that every customer is important. Their response makes me, a potential customer, trust that they take these matters seriously.
Obviously you can also take the opinion that this should have never happened and question their competence and security. I personally weigh their response and transparency more than the issue itself, but it may seem easier since the impact to overall customers was relatively small.
Their response seems to have been handled well and may even generate some positive PR. That may change if it turns out to have been one of the recent Rails security flaws.
My thoughts exactly, lol. The headline is truly hilarious when you consider the typically quite spectacular number of compromised accounts reported in most other high-caliber incidents.
For the record, when I wrote the above comment, the headline of this thread was "Zendesk was hacked, 3 customers affected". It has been changed since, without due notice of course. I wonder why...
Now, my comment looks like I'm a nutjob and have a personal gripe with Zendesk or something.
That the three customers were Twitter, Pinterest and Tumblr didn't come out until later as well.
The original title still makes perfect sense. Maybe "3 customers" made sense to me because I'm already familiar with Zendesk, but it immediately struck me as a big deal.