Zendesk ticket systems hijacked in massive global spam wave

Recorded: Jan. 22, 2026, 3:03 a.m.

Original

News

Featured
Latest

Fake Lastpass emails pose as password vault backup alerts

Microsoft shares workaround for Outlook freezes after Windows update

Fortinet admins report patched FortiGate firewalls getting hacked

Hackers exploit security testing apps to breach Fortune 500 firms

Zendesk ticket systems hijacked in massive global spam wave

Chainlit AI framework bugs let hackers breach cloud environments

Cisco fixes Unified Communications RCE zero day exploited in attacks

New Android malware uses AI to click on hidden browser ads

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityZendesk ticket systems hijacked in massive global spam wave

Zendesk ticket systems hijacked in massive global spam wave

By Lawrence Abrams

January 21, 2026
06:46 PM
0

People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines.
The wave of spam messages started on January 18th, with people reporting on social media that they received hundreds of emails.
While the messages do not appear to contain malicious links or obvious phishing attempts, the sheer volume and chaotic nature of the emails have made them highly confusing and potentially alarming for recipients.

The emails are being generated by support platforms run by companies that use Zendesk for customer service.
Attackers are abusing Zendesk's ability to allow unverified users to submit support tickets, which then automatically generate confirmation emails sent to the email address the attacker entered.
Because Zendesk sends automated replies confirming that a ticket was received, the attackers are able to turn these systems into a mass-spamming platform by interating through large lists of email addresses when creating fake support tickets.
Companies whose Zendesk instances were seen impacted include: Discord, Tinder, Riot Games, Dropbox, CD Projekt (2k.com), Maya Mobile, NordVPN, Tennessee Department of Labor, Tennessee Department of Revenue, Lightspeed, CTL, Kahoot, Headspace, and Lime.

Wave of spam coming from unsecured ZenDesk instancesSource: BleepingComputer
The emails have bizarre subjects, with some pretending to be law-enforcement requests or corporate takedowns, while others offer free Discord Nitro or say "Help Me!" Many are also written in Unicode fonts to bold or decorate the fonts in multiple languages.
Examples include:
FREE DISCORD NITRO!!
TAKE DOWN ORDER NOW FROM CD Projekt
LEGAL NOTICE FROM ISRAEL FOR koei Tecmo
TAKE DOWN NOW ORDER FROM Israel FOR Square Enix
DONATION FOR State Of Tennessee CONFIRMED
LEGAL NOTICE FROM State Of Louisiana FOR Electronic
鶊坝鱎煅貃姄捪娂隌籝鎅熆媶鶯暘咭珩愷譌argentine恖
Re: TAKE DOWN NOW ORDER FROM CHINA FOR Konami Digital Entertainme
IMPORTANT LAW ENFORCEMENT NOTIFICATION FROM DISCORD FROM Peru
Thank you for your purchase!
Help Me!
Empty titles
Because the emails come from legitimate companies' Zendesk support systems, they are bypassing spam filters, making them more intrusive and alarming than ordinary spam mail. However, as the emails don't contain phishing links, they appear to be designed to troll recipients rather than to engage in malicious behavior.
Multiple companies have confirmed they were affected by the spam wave, including DropBox and 2K, who responded to tickets to tell recipients not be concerned and to ignore the emails.
"You may have recently received an automated response or notification regarding a support ticket that you did not submit. We want to clarify why this might have happened and assure you there is no cause for concern," wrote 2K.
"To remove barriers and enhance your experience, our system allows anyone to submit a support ticket, provide feedback, and report bugs without having to sign up for a dedicated support account and verify their email address. This open policy means that anyone can potentially submit a ticket using any email address."
"Please rest assured that we do not act on any account or process sensitive requests without authenticated, direct instruction from the account holder."
Zendesk told BleepingComputer that have introduced new safety features on their end to detect and stop this type of spam in the future.
"We've introduced new safety features to address relay spam, including enhanced monitoring and limits designed to detect unusual activity and stop it more quickly,"
"We want to assure everyone that we are actively taking steps - and continuously improving - to protect our platform and users."
Zendesk previously warned customers about this type of abuse in a December advisory, explaining that attackers were using Zendesk to send mass spam emails through what it called "relay spam."
The company says that organizations can prevent this type of abuse by restricting ticket creation to only verified users and removing placeholders that allow any email addresses or ticket subject to be used.

Secrets Security Cheat Sheet: From Sprawl to Control
Whether you're cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.
Get the cheat sheet and take the guesswork out of secrets management.
Download Now

Related Articles:
Microsoft cancels plans to rate limit Exchange Online bulk emailsFake Lastpass emails pose as password vault backup alertsMicrosoft: Windows 11 update causes Outlook freezes for POP usersGoogle now lets you change your @gmail.com address, rolling outGrubhub confirms hackers stole data in recent security breach

Email
Spam
Support Ticket
Zendesk

Lawrence Abrams
Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.

Popular Stories

Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs

Ingram Micro says ransomware attack affected 42,000 people

New PDFSider Windows malware deployed on Fortune 100 firm's network

Sponsor Posts

Discover how phishing kits are sold and deployed. Download the full research report.

Discover how to scale IT infrastructure reliably without adding toil or burnout.

Identity Governance & Threat Detection in one: Get a guided tour of our platform

Upcoming Webinar

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

This document details a widespread, global spam wave originating from hijacked Zendesk support systems. The incident, reported by Lawrence Abrams of BleepingComputer.com in January 2026, involved attackers abusing Zendesk’s open ticket submission process to generate and send massive volumes of automated emails to a diverse range of companies utilizing Zendesk for their customer support.

The core of the problem stems from Zendesk’s policy of allowing unverified users to submit support tickets. Attackers exploited this feature by creating numerous fake tickets, triggering automated confirmation emails to be sent to a large list of email addresses. The subjects of these emails were often bizarre and alarming, mimicking legal notifications, corporate takedowns, or offering free Discord Nitro, intended to cause immediate concern and confusion among recipients. Many emails utilized Unicode fonts, further adding to the visual disruption and sense of urgency. Affected companies included prominent names like Discord, Tinder, Riot Games, Dropbox, 2K, CD Projekt, Maya Mobile, NordVPN, and government entities such as the Tennessee Department of Labor and Revenue.

The attackers’ goal appears to be “relay spam,” a tactic used to bypass email filters through a compromised system. This method relies on the recipient's email client to handle the incoming message, allowing it to bypass traditional spam detection mechanisms. Zendesk recognized this abuse in a previous December advisory and subsequently implemented new safety features, including enhanced monitoring and activity limits, designed to quickly detect and stop these types of attacks. Companies impacted, such as Dropbox and 2K, issued statements reassuring their users that the emails were illegitimate and that no genuine action was being taken based on the fraudulent tickets. They emphasized that Zendesk does not act on sensitive requests without authenticated, direct authorization from the account holder.

Zendesk’s proactive measures demonstrate a recognition of the vulnerability inherent in open ticket submission platforms. To mitigate future incidents, companies are advised to restrict ticket creation to only verified users and eliminate placeholder fields that allow unrestricted email addresses or ticket subjects to be used. This approach focuses on strengthening security controls and minimizing the potential avenues for exploitation. The entire situation highlights the importance of vigilance and proper security configurations within customer support systems, especially those reliant on automated communication channels.