The Target: Zendesk, a customer solutions service provider.
The Take: Access to an internal logging database which may have contained service data belonging to Zendesk and its customers.
The Vector: An employee’s credentials were compromised though an SMS phishing attack which led to the employees handing over their login credentials to the attackers.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. Regular social engineering and phishing awareness training are effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.