Zendesk hack points to overall vulnerability on the Web

Twitter, Pinterest, and Tumblr have notified their users of a security breach from Zendesk, the customer-software provider that handles their support questions. The breach may confirm a need for tougher security standards for websites and applications.

Pinterest was one of the websites affected by the Zendesk security breach. A small percentage of Pinterest users were notified that their correspondences with support services were accessed by a hacker.

Zendesk is the latest victim of hacking, which means that Twitter, Pinterest, and Tumblr are also the latest victims of hacking.

The customer-software provider, which organizes support inquiries from the social media sites, notified its customers of a security breach this week. A hacker accessed the system and downloaded emails from users who have contacted the social media sites’ support departments, according to the Zendesk blog.

“We are also completely committed to working with authorities to bring anyone involved to justice and make certain we fully understand what happened,” Zendesk says on its blog. “As this process unfolds, we aim to update our customers in as transparent and timely a manner as possible about the new developments.”

A Tumblr spokeswoman said in a statement that the security breach exposed e-mail addresses and subject lines, which may have noted the users’ Tumblr blog address. Those who may be affected are encouraged to review their correspondence with Tumblr’s support addresses: support@tumblr.com, abuse@tumblr.com, dmca@tumblr.com, legal@tumblr.com, enquiries@tumblr.com, and lawenforcement@tumblr.com.

“Your safety is our highest priority,” the Tumblr statement reads. “We’re working with law enforcement and Zendesk to better understand this attack.”

Pinterest and Twitter also contacted users who may have been affected by the breach, warning them not to give out password information and to notify the companies of any issues, according to their statements.

Twitter posted account security tips on its blog Tuesday, reminding its users to have strong passwords and be wary of suspicious links and information requests.

But strong passwords and security complaints alone may not protect users from stolen e-mails or passwords. Zendesk's breach emerged the same week President Barack Obama issued an executive order to improve infrastructure cybersecurity.

“The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront,” the executive order states. “The national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats.”

Carl Landwehr, a research scientist at the Cyber Security Policy and Research Institute at George Washington University, agrees that the slew of recent hacks points to a larger problem with infrastructure cybersecurity.

"We have a lot of systems out there that are not built to any particular standard, and so they tend to have vulnerabilities in them," Mr. Landwehr says. "That's not because people don't try to remove them, but because it's actually difficult."

With online software and services developing at such a rapid pace, it's not surprising that applications and services may not have high security standards, Landwehr notes. The marketplace tends to grade websites and applications based on their reliability (their day-to-day functionality), meaning that small security bugs tend to go unseen, at least until a hack.

"I wouldn't seek to blame anybody in particular for these things," he says. "The marketplace doesn't have a way of rewarding people who do a better job." 

One solution may be a set of guidelines for programmers and developers, Landwehr says. A "building code" would need to regulate online infrastructure without restricting innovation, but it could lead to stronger websites and applications that protect everything from one's personal blog to confidential financial or national security material.

“I certainly won’t be happy if my personal data gets compromised, but I’ll be much more concerned if the financial industry infrastructure or the national power grid gets compromised,” he says. 
