Zendesk says access occurred in 2016 and that only a small percentage of customers were impacted. Affected users are advised to rotate all credentials for the respective app used during the vulnerable time period. The bulk of the account data accessed included PII data tied to its Support and Chat service, but also included expired trial accounts and accounts that are no longer active. The company became aware of the accessed data on September 24 when a third party notified them of the leak.
Source: https://threatpost.com/zendesk-exposes-10000-accounts/148881/