Zendesk Security Flaw Enables Mass Email Bombing Attacks
By todsacerdoti · 7mo ago · 3 min read · News
Summary
Cybercriminals are exploiting a security vulnerability in Zendesk's customer service platform that allows them to send massive volumes of threatening emails to targeted individuals. The attack leverages Zendesk's lack of authentication requirements, enabling attackers to flood inboxes with messages that appear to come from hundreds of legitimate corporate customers simultaneously, including companies like CapCom, CompTIA, and Discord.
Key quotes
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages
Zendesk is an automated help desk service designed to make it simple for people to contact companies for customer support issues
KrebsOnSecurity started receiving thousands of ticket creation notification messages through Zendesk in rapid succession
each bearing the name of different Zendesk customers, such as CapCom, CompTIA, Discord
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
