Zendesk Security Breach Affects Twitter, Tumblr and Pinterest | Threat Level | Wired.com: "Customer service software provider Zendesk announced a security breach that allowed attackers into its system, where they could access data from three customers this week. Wired learned those three clients were Twitter, Pinterest and Tumblr. The San Francisco-based company announced the breach in a blog post published early Thursday night. Tumblr notified affected users in a tweet at 6:35 p.m. Pacific time; Twitter and Pinterest are expected to do so shortly. Zendesk declined to comment beyond its blog post, titled, appropriately, “We’ve been hacked.” The post reads in part:
"We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response."

Exposé of Chinese Data Thieves by Mandiant Reveals Sloppy Tactics | MIT Technology Review: " . . . Mandiant’s report comes a week after President Obama announced a new effort to defend the U.S. against computer attacks that he said were being used to steal corporate secrets and even lay the groundwork for sabotage of energy infrastructure (see “Obama Announces Plan to Shore Up Cyber Defenses”). Mandiant reports that the group it tracked, dubbed APT1, has stolen hundreds of terabytes of sensitive commercial data from at least 141 companies since 2006, and also breached Telvent, a Canadian company whose software is used to remotely manage energy infrastructure. Mandiant alleges that APT1 is part of Unit 61398 of the Chinese army, and is engaged in a campaign to perform industrial espionage to aid Chinese companies and gather intelligence that could be used for computer-based attacks against U.S. energy infrastructure. Most victims were in the U.S. but companies in Canada, the U.K., South Africa, and Israel were also targeted. Mandiant, which helps companies respond to targeted attacks on and infiltration of their computer networks, bases its claims on information from many cases involving the APT1 group over the past six years. In many cases, Mandiant employees covertly watched APT1 operatives at work inside victims’ computers. . . ."