A mass wave of automated confirmation emails began on January 18 and generated hundreds of messages worldwide by exploiting unsecured Zendesk support systems, the Zendesk advisory said.
KEY FACTS
- Incident: Automated support ticket confirmations used to send mass spam
- Start date: January 18
- Method: Abuse of open ticket creation on support platforms
- Impact: Hundreds of confusing emails that bypassed spam filters
Recipients reported receiving hundreds of messages with odd or alarming subjects. Examples included offers of free Discord Nitro, alleged takedown orders, law enforcement notices, and messages with decorated Unicode text. The messages did not appear to include phishing links.
Attackers created fake support tickets by submitting any email address to open ticket forms that do not require verification. Those ticket submissions triggered automated confirmation replies from the affected support instances, turning the systems into a mass mailing channel.
Affected organizations included Discord, Tinder, Riot Games, Dropbox, 2K, NordVPN, Tennessee state agencies, Kahoot, Headspace, and Lime. Some impacted organizations posted notices advising recipients to ignore the automated messages and not to act on them.
The advisory recommended restricting ticket creation to verified users and removing placeholders that permit arbitrary email addresses or subjects. The platform has also introduced enhanced monitoring and rate limits to detect and stop this form of relay spam.
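The two measures named above, confirmations only for verified requesters and a per-source rate limit, sketched as an intake gate in front of a support form. This is an added example, not Zendesk code; the class name, thresholds, and sample submissions are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 60          # assumed sliding window
MAX_PER_SOURCE = 5           # assumed submissions allowed per source per window

class TicketIntake:
    """Hypothetical gate in front of a public support form."""

    def __init__(self, verified_addresses):
        self.verified = {a.lower() for a in verified_addresses}
        self.recent = defaultdict(deque)   # source -> times of accepted submissions

    def decide(self, ts, source, requester):
        """Return 'reject', 'hold' or 'confirm' for one submission."""
        seen = self.recent[source]
        while seen and ts - seen[0] >= WINDOW_SECONDS:
            seen.popleft()                 # drop entries older than the window
        if len(seen) >= MAX_PER_SOURCE:
            return "reject"                # rate limit hit, nothing is created
        seen.append(ts)
        if requester.lower() not in self.verified:
            return "hold"                  # ticket queued, no automated email sent
        return "confirm"                   # verified requester gets the usual reply

def summarize(events, verified):
    """Count decisions for (ts, source, requester) tuples, processed in time order."""
    intake = TicketIntake(verified)
    return Counter(intake.decide(*e) for e in sorted(events))

# Constructed sample: one source submits eight tickets for addresses it does not
# own, and one verified customer submits a single ticket.
SAMPLE = [(i, "203.0.113.7", f"victim{i}@example.org") for i in range(8)]
SAMPLE.append((3, "198.51.100.20", "alice@example.com"))

if __name__ == "__main__":
    print(dict(summarize(SAMPLE, verified=["alice@example.com"])))
```

With the gate in place, only the verified customer receives a confirmation; without it, all nine submissions would have produced outbound mail.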
WHY IT MATTERS
Automated replies from legitimate support systems can bypass spam filters and cause widespread confusion. Organizations should apply the advisory measures to limit unsolicited ticket creation and reduce the risk of future relay spam.

