VulnHub

Real-time Cybersecurity News

Hims & Hers warns of data breach after Zendesk support ticket breach

BleepingComputer
PhishingData Breach

Overview

Hims & Hers Health, a telehealth service provider, has reported a data breach due to stolen support tickets from Zendesk, a third-party customer service platform. This incident raises concerns as it potentially exposes sensitive information from users who sought medical advice or treatment through the service. The company is urging affected users to stay vigilant about their personal information and to monitor their accounts for any suspicious activity. This breach underscores the risks associated with relying on third-party vendors for customer support and handling sensitive data. Users should be aware of possible phishing attempts or unauthorized access to their accounts following this incident.

Key Takeaways

  • Affected Systems: Hims & Hers Health user data, Zendesk support tickets
  • Action Required: Monitor accounts for suspicious activity; users should be cautious of phishing attempts.
  • Timeline: Newly disclosed

Original Article Summary

Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. [...]

Impact

Hims & Hers Health user data, Zendesk support tickets

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Monitor accounts for suspicious activity; users should be cautious of phishing attempts.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Data Breach.

Read Original Article

Related Coverage

BrowserGate: LinkedIn Tracks 6,000+ Browser Extensions on Users’ PCs

Hackread – Cybersecurity News, Data Breaches, AI and More

LinkedIn is facing scrutiny after a report revealed that it tracks over 6,000 browser extensions installed on users' devices. This practice raises serious privacy concerns, as many users may not be aware that their browsing habits could be monitored through these extensions. The BrowserGate report emphasizes that such extensive tracking can lead to potential misuse of personal data. Users of LinkedIn, especially those who rely on various browser extensions for productivity, should be aware of this issue and consider the implications for their privacy. The situation calls for a closer examination of data collection practices by major platforms and how they handle user consent.

Apr 5, 2026

Hackers exploit React2Shell in automated credential theft campaign

BleepingComputer

Hackers are actively exploiting a vulnerability known as React2Shell (CVE-2025-55182) to automate the theft of user credentials from Next.js applications. This attack targets systems that have not been updated or patched against this specific vulnerability, making them susceptible to unauthorized access. Researchers have observed that this campaign is widespread, indicating that many developers using vulnerable versions of Next.js may be at risk. The implications are significant, as stolen credentials can lead to account takeovers and further breaches within organizations. Companies using Next.js should prioritize updating their applications to mitigate this threat and protect user data.

Apr 5, 2026

Axios npm hack used fake Teams error fix to hijack maintainer account

BleepingComputer

The Axios HTTP client development team reported that one of their developers fell victim to a social engineering attack, likely orchestrated by North Korean hackers. The attackers used a fake Teams error message to gain access to the maintainer's account, which allowed them to compromise the project. This incident raises concerns about the security of widely-used open-source software, as it demonstrates how easily social engineering tactics can lead to significant breaches. Users and developers of Axios should be aware of these tactics and implement stronger security measures to protect their accounts and projects. The incident serves as a reminder of the persistent threat posed by state-sponsored hacking groups.

Apr 4, 2026

Qilin ransomware group claims the hack of German political party Die Linke

Security Affairs

The Qilin ransomware group has claimed responsibility for a data breach involving Die Linke, a left-wing political party in Germany. The group announced that they have stolen sensitive data from the party and are threatening to make it public unless their demands are met. While Die Linke has confirmed that the incident occurred, they have stated that there was no breach of their systems. This incident raises concerns about the cybersecurity of political organizations, especially given the sensitive nature of the data involved. The threat of public data leaks can have serious implications for political entities, affecting both their reputation and operational integrity.

Apr 4, 2026

European Commission breach exposed data of 30 EU entities, CERT-EU says

Security Affairs

A breach involving the European Commission's cloud infrastructure has resulted in the exposure of sensitive data from at least 30 EU entities. The incident was linked to the TeamPCP hacking group, which is known for targeting various organizations. CERT-EU, the Computer Emergency Response Team for the EU, confirmed this breach and made the information public on March 27. This incident raises significant concerns about the security of sensitive government data and the potential for further exploitation of the exposed information. Organizations within the EU must assess their security measures to prevent similar breaches in the future.

Apr 4, 2026

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

darkreading

The article discusses the shortcomings of data privacy labels for mobile apps, emphasizing that while the concept is beneficial, the current implementations fail to provide clear and useful information to users. Researchers found that inconsistencies in how these labels are presented can lead to confusion about what data is collected and how it is used. This lack of clarity can affect user trust and decision-making regarding app downloads. The article calls for improvements in the labeling process to ensure users are better informed about their privacy. Ultimately, enhancing these labels is crucial for protecting user data and fostering a safer digital environment.

Apr 3, 2026