Compromised Zendesk Employee Credentials Lead to Breach
Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.
Stolen credentials can enable account takeover and lateral movement; phishing-resistant MFA, password managers, and rapid revocation reduce the risk.
Search across headline titles and summaries.
Background for this topic.
Credentials are the data used to verify a user's identity to a system, commonly including usernames, passwords, security tokens, or biometric identifiers. They serve as gatekeepers for access to accounts, applications, and sensitive information. Attackers target credentials to impersonate users, escalate privileges, or gain unauthorized system access.
Compromise of credentials can occur through phishing, credential stuffing, or theft from insecure storage. Effective defenses include enforcing strong, unique passwords, implementing multi-factor authentication (MFA), and securely storing credentials using hashing or encryption. Monitoring for unusual login patterns and promptly revoking compromised credentials are also critical to limit attacker impact.
Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.
Payments giant says attacks happened in early December
The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.
That passwordless option is looking really good right about now The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company's customers this week.…
Starting in September 2022, the 'Roaming Mantis' credential theft and malware distribution campaign was observed using a new version of the Wroba.o/XLoader Android malware that incorporates a function for detecting specific WiFi routers and changing their DNS. [...]
PayPal is sending out notices of a data breach to thousands of users who had their accounts accessed by credential stuffing actors, resulting in the compromise of some personal data. [...]
Thousands reportedly suffer compromise after possible credential stuffing campaign