#Delete all data from Zendesk, stop using it for support ticketing, drop it & self host your own

13 messages · Page 1 of 1 (latest)

alpine token
#

Following the various data breaches lately involving Zendesk, including with Discord's latest data breach, I believe it is time for Bunny to stop using Zendesk to show their dedication to customer security.

Zendesk has a lack of data security which allows generic support user accounts to be used to exfiltrate data, and the data is held on US servers, which goes against Bunny's privacy stances.

For example, see: https://youtu.be/9X2T1dI_JS8

YouTube
PC Security Channel
Why this Discord Hack is really bad

Discord recently had a massive data breach where hackers got into a Zendesk support instance to leak government ID photos, payment information and more. Millions of users are affected, if you've ever had a support ticket on discord change your credit card and take precautions.

Buy the best antivirus: https://thepcsecuritychannel.com/best-antivi...

▶ Play video
#

Delete all data from Zendesk, stop using it for support ticketing, drop it & self host your own

charred oxide
#

and the data is held on US servers

My Zendesk data is stored in the EU 😆

Zendesk has a lack of data security which allows generic support user accounts to be used to exfiltrate data

That's not limited to Zendesk. That's just how the modern internet works. Pages talk to APIs to get data. Thus accounts have API access. The bunny.net dashboard just uses the API as well innit. That's then also "lack of data security" because an account can be used to exfiltrate data for the whole bunny account

Also worth noting that people can simply lock down their Zendesk accounts to their VPN IPs, then even the API is not accessible outside the allowed IPs, thus you'd have much bigger problems

gritty saffron
#

The support platform data resides 100% in the EU, nothing is stored on US servers.

While we of course cannot speak to the specifics of our security practices, we are continually working to ensure the security of our platform and privacy of our customers.
We are hyper conscious of the responsibility we have with the data our clients trust us with, and we have dedicated Security and Compliance bunnies working to ensure our Security our compliance of EU privacy and data protection legislation.

alpine token
alpine token
#

It would be a nice thing to see happen. I love breaking free of third parties myself in my tech stack Bunnyflawless

gritty saffron
#

Indeed that would be nice, but there's nothing on the roadmap for this at the moment. We will share updates on future privacy or EU sovereignty changes as and when.

alpine token
#

Not sure why but for some reason the H1 program isn't mentioned under the Vulnerability Management section... I wonder why? 🤔

#

Having a reasonable disclosure program is certainly something to boast about