Social networks have become major targets for attackers, who value the implied trust that users have in their friends’ accounts. Compromising a large number of accounts on one of the major networks can be a major boon. The latest evidence of attackers’ interest in these networks came this week when a customer-support portal that works with Twitter, Pinterest and Tumblr was compromised and emails belonging to customers of those companies were stolen.
All three companies sent out emails to affected customers, notifying them of the incident and warning that their email addresses may have been compromised. Officials at Zendesk, an online support portal, posted a notice on the company’s blog with the heading “We’ve been hacked”. The Zendesk hack notice says that the company became aware of the attack on its network sometime this week.
“Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response,” Mikkel Svane, the Zendesk CEO, wrote in the blog post.
Svane did not identify the customers that were affected, but Twitter, Tumblr and Pinterest, three of the larger social networks, all sent notification emails to their users in the last 24 hours. The message Twitter sent to affected users said that information compromised in the attack could include users’ emails, phone numbers and Twitter usernames.
“Twitter–along with a number of other companies–uses a customer support portal called Zendesk. Zendesk recently blogged about a significant security breach. In order to ensure those who may be impacted by this breach are notified as quickly as possible, we are sending this notification to all email addresses, including this one, that we believe could have been involved,” the Twitter email notification says.
Security experts say that maintaining security on social networks can be difficult, but there several key things users can do to protect themselves. First, never reuse passwords from one account ot another. If an attacker gets access to your Twitter password, for example, is you’ve reused that password on other sites, the danger of the attack is multiplied several times. Second, avoid using your normal personal email address as a registration credential for these services. Use a disposable email address or one from a free webmail provider such as Yahoo and use it only for the purpose of registering for such networks.