If your inbox was overflowing today with “activate your account” emails or support confirmations you never requested, you’re not alone. Hackers are exploiting misconfigured Zendesk customer support portals to launch massive email floods.
The attack works simply but effectively: automated scripts submit fake tickets using victims’ email addresses across multiple company websites. Zendesk then sends legitimate confirmation or welcome emails, bypassing spam filters and overwhelming inboxes—a kind of personal DDoS attack.
This issue isn’t new. Earlier in January, companies like Dropbox and 2K faced similar problems. Despite Zendesk adding security measures and advising verification for ticket creation, many portals remain vulnerable. Affected users are currently left marking emails as spam, but the sheer volume makes it tedious. The incident underscores the importance of proper configuration and monitoring of helpdesk systems.
Related News