Zendesk ticket systems hijacked in massive global spam wave

This news article reports on a massive global spam wave originating from unsecured Zendesk support systems, affecting numerous companies including Discord, Tinder, and Dropbox. Attackers are exploiting Zendesk's feature that allows unverified users to submit support tickets, which then generate confirmation emails. These emails, bypassing spam filters due to their legitimate source, have bizarre subjects and are designed to confuse and alarm recipients, though they do not contain malicious links. Zendesk has introduced new safety features to address this issue and advises companies to restrict ticket creation to verified users and remove placeholders that allow any email addresses or ticket subjects to be used.