Zendesk Platform Abused for Email Flood Attacks
Summary
Cybercriminals have exploited lax authentication settings in Zendesk to flood targeted email inboxes with spam messages. The attacks use hundreds of Zendesk corporate customers simultaneously, sending notifications from customer domain names. Zendesk acknowledged the issue and is investigating additional preventive measures. The abuse involves sending ticket creation notifications from customer accounts that allow anonymous submissions. This allows attackers to create support tickets with any chosen subject line, including menacing or insulting messages. The notifications appear to come from legitimate customer domains, making them harder to filter out. Zendesk recommends customers configure authenticated ticket creation workflows to prevent such abuse, but some customers prefer anonymous environments for various business reasons.
Timeline
- 17.10.2025 14:26: Zendesk Platform Abused for Email Flood Attacks
Cybercriminals exploited lax authentication settings in Zendesk to flood targeted email inboxes with spam messages. The attacks use hundreds of Zendesk corporate customers simultaneously, sending notifications from customer domain names. Zendesk acknowledged the issue and is investigating additional preventive measures. The abuse involves sending ticket creation notifications from customer accounts that allow anonymous submissions. This allows attackers to create support tickets with any chosen subject line, including menacing or insulting messages. The notifications appear to come from legitimate customer domains, making them harder to filter out.
- Email Bombs Exploit Lax Authentication in Zendesk — krebsonsecurity.com — 17.10.2025 14:26
Information Snippets
- Zendesk is an automated help desk service used by many companies for customer support.
  First reported: 17.10.2025 14:26 (1 source, 1 article)
  - Email Bombs Exploit Lax Authentication in Zendesk — krebsonsecurity.com — 17.10.2025 14:26
- Cybercriminals exploited Zendesk's lack of authentication to send spam messages from legitimate customer domains.
  First reported: 17.10.2025 14:26 (1 source, 1 article)
  - Email Bombs Exploit Lax Authentication in Zendesk — krebsonsecurity.com — 17.10.2025 14:26
- The abuse involves sending ticket creation notifications from customer accounts that allow anonymous submissions.
  First reported: 17.10.2025 14:26 (1 source, 1 article)
  - Email Bombs Exploit Lax Authentication in Zendesk — krebsonsecurity.com — 17.10.2025 14:26
- Zendesk acknowledged the issue and is investigating additional preventive measures.
  First reported: 17.10.2025 14:26 (1 source, 1 article)
  - Email Bombs Exploit Lax Authentication in Zendesk — krebsonsecurity.com — 17.10.2025 14:26
- Zendesk recommends customers configure authenticated ticket creation workflows to prevent such abuse.
  First reported: 17.10.2025 14:26 (1 source, 1 article)
  - Email Bombs Exploit Lax Authentication in Zendesk — krebsonsecurity.com — 17.10.2025 14:26