Zendesk Publishes Security Notice That Affects Older ClientsByBill Toulas-October 3, 2019.745 Zendesk was infringed in 2016 but has just been found out. Although password resetting and token rotation are taking place right now, the organization is still carrying out its investigation. Zendesk’s successful customer support has announced a data breach in 2016. Consequently, the clients affected by this incident are those who built their accounts on the platform before November 2016. The Zendesk team claims that only a small percentage of their customer base has been affected and clarifies that on September 24, 2019, they only confirmed this. They are currently working with a team of forensic experts from third parties to determine the exact type of data which has been exposed. At the same time, the internal data protection response team around Zendesk has implemented protocol protocols and is also conducting their investigation on the incident. Already informed were the law enforcement authorities and all the appropriate regulatory agencies. What can be said with confidence right now is that there are about 10000 exposed Zendesk Help and Chat accounts. The leaked data contains user passwords (hashed and salted) names of phone numbers, and email addresses. Zendesk points out that many of those accounts are no longer active or that trial accounts have expired. Today Zendesk is going through a measure of “password rotations” as a precaution and that will impact all users of all their products (Support Guide Talk Explore) who built their accounts before November 1st 2016. If you attempt to login to the site and a compulsory password reset phase is met this means you are affected. Besides this, you can receive an email from Zendesk informing you about the incident and the chances of leakage of your Pii and other sensitive information. In any case we suggest resetting your password by uploading a new Tls certificate to Zendesk and rotating your Api tokens. Erica Faltous of Zendesk has told “The Register” that they do not assume that any login credentials have actually been compromised as they have not seen any unauthorized access to the sites yet. Since the incident took place so far back in time there should be some sort of an attempt to exploit the stolen data but there was apparently no one. While reporting this incident nearly three years after it happened and claiming that you’ve just learned it doesn’t help win the trust of your client or convince them of anything. Another important group of side-channel speculative execution vulnerabilitiesSpectre and Meltdown have been discovered by a consortium of university researchers and cyber-security professionals. This new vulnerability class has been called “Microarchitectural Data Sampling” (Mds) and could potentially allow an attacker to access the microarchitectural data structures within the main Cpu cache. The processor temporarily stores information for quick access and processing inside those caches so that the operation of the user is expressed there without any thought of protection or privileges and this means that an intruder can read and copy anything including passwords from the administrator. Intel has already recognized the problem and is already pushing a microcode patch that clears all data within certain clearly defined safety-respecting intervals from these microcache buffers. It ensures you must have received updates that address the four vulnerabilities found irrespective of what Os you are using. In reality, even Linux users are not free from the vulnerabilities that have been disclosed and have to update to kernel version 5.1.2 which plugs the issues. Apple users have also received an update with macOs Mojave 10.14.5 which fixes the vulnerabilities today. The four vulnerabilities found are: Cve-2018-12126 Microarchitectural Store Buffer Data Sampling (Msbds) dubbed ‘ Fallout ‘; Cve-2018-12130 Microarchitectural Fill Buffer Data Sampling (Mfbds) dubbed ‘ Zombieload; ‘ Cve-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (Mdsum). While Intel classifies the first three as “Low Severity” researchers view the “Zombieload” bug as the most nastiest of all because it operates on a wide range of applications even if it runs in virtual boxes or cloud. It is not limited to executing native code, and works across boundaries of virtualization. According to the researchers, the only way to tackle this is to shut off the hyperthreading and flush the buffers as explained above. Check out Intel’s product list here for a full list of the Intel processors that are affected by this new set of Mds flaws. You are most likely affected by a bulk estimate if your processor was made between 2011 and 2017 and should install the microcode fix right away. Those who use Cpus that left Intel’s production lines in 2018 and later have Mds-resistant processors due to the variations in spectra and meltdown that still exist out there. You are protected when using Amd or Arm chips as this whole story is not applicable to those types of Cpus.