Hims & Hers Zendesk Support Breach via ShinyHunters Okta Campaign

📅 2026-02-04 🏢 Zendesk (customer support platform); Okta (identity/SSO)

Incident Details

Between February 4–7, 2026, threat actors used a compromised Okta SSO account to access Hims & Hers’ Zendesk support instance and exfiltrate customer support tickets. The breach was detected February 5 and investigated through March 3. ShinyHunters conducted the breach as part of a broader campaign targeting Okta SSO accounts to pivot into SaaS platforms. Exposed data included names, contact information, and contents of support requests; no medical records or doctor communications were compromised. Hims & Hers has not disclosed the number of affected individuals. The breach is related to simultaneous ShinyHunters campaigns against Telus Digital and other companies.

Technical Details

Initial Attack Vector: ShinyHunters compromised an Okta SSO account to access Hims & Hers' Zendesk customer support instance
Vendor / Product: Zendesk (customer support platform); Okta (identity/SSO)
Supply Chain Attack: ✅ Confirmed third-party / vendor compromise

Timeline

2026-02-04 Breach occurred
2026-04-03 Publicly disclosed
2026-04-03 Customers notified