Zendesk hit by phishing-related data breach

SecurityWeek reports that customer service solutions provider Zendesk had its network breached last year following a "sophisticated SMS phishing campaign" that resulted in the exfiltration of employee attack credentials. Several Zendesk employees have been targeted by the phishing attack, enabling attackers to access Zendesk's logging platform data between Sept. 25 and Oct. 26, said Zendesk in a letter sent to cryptocurrency trading and portfolio management firm Coinigy this month. Further investigation into the incident noted that the logging platform data may have included service data belonging to Coinigy's account but there has been no evidence suggesting the compromise of the cryptocurrency firm's Zendesk instance. Other organizations impacted by the breach may have been informed earlier, with U.S. cryptocurrency exchange Kraken notifying customers regarding the Zendesk incident in November. No further information regarding the attack has been provided by Zendesk but the incident may be associated with the 0ktapus campaign, which has already targeted over 130 entities from March to August 2022.