Cybercriminals are leveraging poor authentication settings in Zendesk, a customer service platform, to inundate specific email addresses with spam messages. These emails appear to come from legitimate corporate clients, including major companies like CapCom and The Washington Post. The issue arises from how Zendesk allows support requests to be submitted anonymously by anyone without prior verification. Although Zendesk has measures like rate limits in place, these did not prevent massive influxes of messages in some cases.
Zendesk's communications director, Carolyn Camoens, noted that the configuration allowing anonymous ticket submissions serves various business needs. However, this particular setup inadvertently opens the door for spammers to misuse the platform. To mitigate this, Zendesk advises customers to verify the email addresses of those submitting tickets and to adjust their ticket creation settings. The ongoing abuse highlights the need for enhanced security measures and better customer education regarding proper usage to protect against these attacks.
👉 Read the original: Krebs on Security