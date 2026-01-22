Zendesk tickets hijacked in massive spam campaign
Hackers have hijacked Zendesk’s support system and used it for an apparently utterly chaotic and pointless spam campaign.
Zendesk is a customer service and support software platform that helps companies manage customer communication. It supports tickets, live chat, email, phone, and communication through social media. Among its features is the ability to allow unverified users to submit support tickets which, when that happens, automatically generates a confirmation email and sends it to the email that the user entered.
Now, researchers are saying hackers went through huge lists of email addresses and created countless fake support tickets, turning the feature into a mass-spam tool.
Zendesk customers hit
The list of affected companies is apparently huge, and it includes a few heavy hitters: Discord, Tinder, Riot Games, Dropbox, CD Projekt, NordVPN, Tennessee Department of Labor, Tennessee Department of Revenue, and many others.
Since the emails originate from a legitimate Zendesk system, they pass most spam filters, and land directly in people’s inboxes. Some people, according to BleepingComputer, received “hundreds” of emails in a very short amount of time.
The campaign started on January 18, but we don’t know if it’s still ongoing. What’s particularly bizarre about this campaign is that it’s not distributing malware, or phishing links. These are just emails pretending to be cries for help, or law enforcement takedown requests, which do nothing but flood the victims’ inboxes.
Here are a few subject lines:
FREE DISCORD NITRO!!
TAKE DOWN ORDER NOW FROM CD Projekt
LEGAL NOTICE FROM ISRAEL FOR koei Tecmo
TAKE DOWN NOW ORDER FROM Israel FOR Square Enix
Zendesk told BleepingComputer it tackled the problem by introducing new safety features.
"We've introduced new safety features to address relay spam, including enhanced monitoring and limits designed to detect unusual activity and stop it more quickly," the company said.
"We want to assure everyone that we are actively taking steps - and continuously improving - to protect our platform and users."
