Attackers Exploit Zendesk Authentication Issue to Flood Targets’ Inboxes with Corporate Notifications

Cybercriminals have discovered a gap in Zendesk’s ticket submission process and are using it to bombard victims with waves of misleading support messages.

When configured to accept anonymous requests, however, the service can be abused to generate email floods that appear to come from legitimate corporate domains.

Earlier this week, security blogger Brian Krebs was the target of this campaign, receiving thousands of rapid-fire email alerts from more than 100 different Zendesk customers.

The flood included notifications supposedly sent by well-known brands such as NordVPN, CompTIA, Tinder, The Washington Post, Discord, GMAC, and CapCom, as reported by KrebsOnSecurity.

Each alert bore the branding and reply-to address of the customer, making it almost impossible to distinguish the spam from genuine ticket notifications.

Anonymous ticket creation enables mass impersonation

According to Zendesk communications director Carolyn Camoens, the ...