- Hackers exploited the Zendesk ticketing system to send massive amounts of spam from legitimate domains.
- Major companies, including Discord, Tinder, Riot Games and Dropbox, included in the campaign
- Zendesk introduced monitoring and limits to stop relay spam and protect users
Hackers hijacked Zendesk’s support system and used it for a seemingly completely chaotic and unnecessary spam campaign.
Zendesk is a customer service and support software platform that helps businesses manage communication with their customers. It supports tickets, live chat, email, phone, and social media communication. Among its features is the ability to allow unverified users to submit support tickets which, when this happens, automatically generates a confirmation email and sends it to the email entered by the user.
Now, researchers say hackers scoured huge lists of email addresses and created countless fake support tickets, turning the feature into a massive spam tool.
Affected Zendesk customers
The list of affected companies is apparently huge and includes some heavy hitters: Discord, Tinder, Riot Games, Dropbox, CD Projekt, NordVPN, Tennessee Department of Labor, Tennessee Department of Revenue and many others.
Since the emails come from a legitimate Zendesk system, they pass most spam filters and land directly in users’ inboxes. Some people, according to BeepComputerreceived “hundreds” of emails in a very short time.
The campaign began on January 18, but it is unclear whether it is still ongoing. What’s particularly weird about this campaign is that it doesn’t distribute malware or phishing links. These are just emails masquerading as calls for help or requests for removal from law enforcement, which only flood victims’ inboxes.
Here are some subject lines:
FREE NITRO DISCORD!!
PICK UP ORDER NOW ON CD Projekt
ISRAEL LEGAL NOTICES FOR koei Tecmo
NOW PICKING UP ORDER FROM Israel FOR Square Enix
Zendesk said BeepComputer it fixed the problem by introducing new security features.
“We’ve introduced new security features to combat relay spam, including improved monitoring and limits designed to detect unusual activity and stop it more quickly,” the company said.
“We want to assure everyone that we are actively taking steps – and continually improving – to protect our platform and our users.”
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
