Hackers have abused Zendesk’s support ticket systems to send a wave of spam emails.
Zendesk, a support platform used by many help desks, has been abused by attackers. Unsecured Zendesk support systems have been used to send hundreds of spam emails worldwide, with recipients receiving mass automated emails that appear to come from legitimate companies.
Massive number of emails
The spam campaign started on January 18 and caused some victims to receive hundreds of emails in a short period of time. The messages carried striking and sometimes disturbing subject lines, ranging from fake legal notices to promotions and unreadable Unicode text. No clear phishing links were found, but the sheer volume did cause confusion for recipients.
Attackers exploited Zendesk settings that allow unverified users to create support tickets. Each new ticket automatically generates a confirmation email to the requester address. By automating ticket creation and feeding in large email lists as requester addresses, the perpetrators turned Zendesk into a relay for spam emails.
Well-known brands affected
Companies such as Discord, Tinder, Riot Games, Dropbox, NordVPN and various U.S. government agencies saw their Zendesk systems being abused. Some companies, such as 2K and Dropbox, themselves reported that the emails could be ignored.
Zendesk confirmed that it has introduced new security measures, including stricter monitoring and limits to detect "relay spam" more quickly. Organizations are advised to limit ticket submissions to verified users and to screen free-text input fields more strictly to prevent a recurrence.
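As an added illustration of the abuse pattern described above and of the recommended mitigations (this is example code written for this page, not Zendesk's own tooling), the block below runs a burst detector over constructed ticket-creation events in a hypothetical log format and applies a submission policy that only lets verified requesters open tickets. The event format, thresholds and function names are assumptions, not anything Zendesk exposes.

```python
from datetime import datetime, timedelta

# Constructed ticket-creation events in a hypothetical format (not real Zendesk logs):
# (timestamp, requester_email, requester_verified, subject)
EVENTS = [
    ("2025-01-18T10:00:00", "v1@example.com", False, "LEGAL NOTICE: respond within 24h"),
    ("2025-01-18T10:00:03", "v2@example.com", False, "LEGAL NOTICE: respond within 24h"),
    ("2025-01-18T10:00:05", "v3@example.net", False, "\u0416\u0417\u0418 \u0419\u041a\u041b \u041c"),
    ("2025-01-18T10:00:09", "v4@example.org", False, "WIN a prize today!!!"),
    ("2025-01-18T10:00:12", "v5@example.com", False, "LEGAL NOTICE: respond within 24h"),
    ("2025-01-18T10:00:20", "v6@example.net", False, "\u0416\u0417\u0418 \u0419\u041a\u041b"),
    ("2025-01-18T11:30:00", "alice@example.com", True, "Cannot reset my password"),
    ("2025-01-18T11:45:00", "bob@example.org", False, "Invoice question"),
]

def non_ascii_share(text):
    """Fraction of characters outside printable ASCII (matches the unreadable-Unicode subjects)."""
    return sum(ord(c) > 126 for c in text) / max(len(text), 1)

def relay_spam_alerts(events, window=timedelta(minutes=5), min_unverified=5,
                      min_distinct_ratio=0.8):
    """Flag bursts of tickets from unverified requesters spread across many distinct
    addresses: that is what turns each confirmation email into spam.
    Returns one (window_start, unverified_count, odd_subject_count) per burst."""
    parsed = sorted((datetime.fromisoformat(ts), email, ok, subj)
                    for ts, email, ok, subj in events)
    alerts, i = [], 0
    while i < len(parsed):
        start = parsed[i][0]
        in_window = [e for e in parsed[i:] if e[0] - start <= window]
        unverified = [e for e in in_window if not e[2]]
        distinct = len({e[1] for e in unverified})
        if (len(unverified) >= min_unverified
                and distinct / len(unverified) >= min_distinct_ratio):
            odd = sum(non_ascii_share(e[3]) > 0.5 for e in unverified)
            alerts.append((start.isoformat(), len(unverified), odd))
            i += len(in_window)  # skip past this burst so it is reported once
        else:
            i += 1
    return alerts

def accept_ticket(requester_verified, subject, max_non_ascii=0.5):
    """Submission policy reflecting the advice above: unverified requesters cannot open
    tickets (so no confirmation email is sent), and a subject that is mostly non-ASCII is
    held for human review rather than relayed. The threshold is a coarse heuristic."""
    if not requester_verified:
        return "reject"
    return "hold" if non_ascii_share(subject) > max_non_ascii else "accept"
```

On the constructed sample the detector reports a single burst of six unverified tickets, two of them with Unicode-only subjects, while the later verified password-reset ticket is left alone.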
