LinkResearchTools support uses a third-party vendor, Zendesk, to create and manage customer support tickets.
On October 2, 2019, Zendesk tried to notify us of unauthorized access to their systems they found on September 24, 2019, or earlier. The notification was attempted via a single E-Mail to the CEO Christoph C. Cemper, my inbox.
Due to typical spam patterns that single E-Mail was filtered by Outlook Junk Mail, like many 100s others (way too many tracking pixels from the marketing software)
We therefore only noticed and clarified the issue now on the evening of Friday, October 4, 2019, at 5:30pm when actively searching in all E-Mail folders for it.
This incident may have led to exposure of identifying customer information used to open a support ticket, which may include e-mail address or your name.
No ticket data revealed
Zendesk indicated that this unauthorized access did not include the ticket content itself.
LRT users not affected
Zendesk also indicated this issue does not apply to customers (LRT) that have implemented Single Sign-on - which LinkResearchTools uses since 2012.
So LRT users are good anyways?
Yes, we believe that LinkResearchTools (LRT) users are not impacted at all, due to our use of single-sign-on (SSO).
Despite our belief that this means all your data was safe at this point and analysis based on Zendesk's statements, we caution.
If you have opened a support ticket with us in the past, there is a risk that the customer information used to open the ticket may have been shared externally.
But Zendesk’s issue
- did never impact your LinkResearchTools login information
- did never impact any communication you had with LinkResearchTools
- did never impact any information contained in your LinkResearchTools account
There is no direct action you need to take as a result of this incident.
Please be extra-cautious for any kind of attempted phishing attempts via your e-mail you use to communicate with us or Zendesk support helpdesks in general.
If you have any additional questions, please contact our helpdesk via Zendesk or mail to firstname.lastname@example.org
Christoph C. Cemper
Founder & CEO
and the team of
Why just a single mail?
Unfortunately Zendesk still, after 7 years with them, does not support the simple concept tech or admin roles, which would have helped escalate this within minutes via our monitoring systems we use for a lot of even more critical parts of our offering.
Is any personally identifiable information (PII) affected?
LinkResearchTools does not process any personally identifiable information (PII) at all. Also LinkResearchTools data was not affected at any point. Zendesk data was also not affected based on the statement that single-sign on users (SSO) is in use since 2012.