What happened
Hims & Hers warned that customer-support data may have been exposed through third-party ticketing infrastructure tied to Zendesk workflows. The company advised users to stay alert for suspicious outreach and to review account protections.
Why this matters
Support systems often hold sensitive profile details and contact history. Even when core payment systems are unaffected, exposed support data can fuel phishing, SIM-swap attempts, and account-takeover campaigns.
How to check if you’re affected
You may be affected if you had recent support interactions with Hims & Hers via Zendesk-backed workflows during the disclosed incident window (affected users/scope: customers with support-ticket metadata in impacted systems; affected versions: not a software version issue, this is an incident-window data exposure scope).
- Check your email and in-app notices for any official incident notification.
- Reset your account password and ensure it is unique.
- Enable multi-factor authentication where available.
- Watch for phishing emails/SMS referencing support tickets, prescriptions, or account updates.
- Review account activity for unfamiliar logins or profile changes.
Immediate defensive actions
- Treat unexpected “support follow-up” messages as suspicious unless verified through official channels.
- Do not share one-time codes with support agents over phone/chat.
- Place extra monitoring on financial and telecom accounts if personal data may have been exposed.
Sources
- https://support.hims.com/hc/en-us (primary source)
- https://support.zendesk.com/hc/en-us/categories/4405290184730-Security-and-privacy (primary source)
- https://www.bleepingcomputer.com/ (supporting source)
Bottom line
Third-party support tooling can become a weak link. If you used affected support channels, harden account access now and remain alert for targeted social-engineering attempts.