ShinyHunters Breached Hims & Hers via Okta SSO → Zendesk Chain
Original source: Hims & Hers warns of data breach after Zendesk support ticket breach (BleepingComputer)

Telehealth company Hims & Hers disclosed a data breach stemming from unauthorized access to its Zendesk customer service instance between February 4–7, 2026. Attackers accessed or exfiltrated support tickets containing customer names, contact details, and other personally identifiable information tied to support requests. No medical records or physician communications were involved.
The breach traces back to ShinyHunters, who compromised an Okta SSO account to pivot into the company’s Zendesk environment and steal millions of support tickets. This follows a broader pattern: the same attack chain has hit at least two other Zendesk customers recently — ManoMano in February and Crunchyroll in March — confirming that Zendesk instances accessed via federated SSO are an active target vector in ShinyHunters’ current campaign.
Hims & Hers notified California authorities and is offering 12 months of free credit monitoring to affected customers. The incident reinforces a structural risk: SaaS customer support platforms hold sensitive user data yet depend entirely on the security of the identity provider granting access — one compromised SSO credential is sufficient to drain the entire ticket history.
This is an AI-generated summary. Read the original for the full story.