
2nd spam wave exploits unsecured Zendesk systems

A second wave of spam attacks has targeted unsecured Zendesk instances, exploiting misconfigured systems to distribute malicious content at scale. This follows an established pattern of threat actors identifying and weaponising publicly accessible customer service platforms—a vulnerability class that persists despite repeated warnings across the sector. The attacks leverage the trust inherent in support channels; when spam originates from legitimate Zendesk accounts, it bypasses initial recipient scepticism and gains distribution through established customer relationships. The recurrence of such campaigns suggests that configuration hardening remains inconsistently implemented across organisations, even among those managing sensitive customer interactions.

For CX teams, the implications extend beyond inbox clutter. Compromised support instances damage customer trust at the point of contact, undermine ticket integrity, and create operational friction as teams distinguish legitimate requests from injected spam. More critically, unsecured Zendesk deployments become staging grounds for credential harvesting and social engineering—attackers can impersonate support staff or inject phishing links into ticket threads where customers expect authentic communication. This mirrors the broader vulnerability landscape affecting similar platforms, as evidenced by concurrent Freshdesk phishing operations, suggesting that customer service infrastructure has become a systematic target rather than an opportunistic one.

The strategic question for CX leaders is whether current access control practices—API key management, IP whitelisting, multi-factor authentication enforcement—are treated as operational requirements or security afterthoughts. Teams operating at scale should audit token exposure, review webhook configurations, and verify that only necessary integrations retain active credentials. The cost of remediation is negligible compared to the reputational and operational damage of a compromised support channel, yet the persistence of these attacks indicates the gap between security guidance and implementation remains substantial.