Xe 

Did Zendesk get popped?

https://xeiaso.net/notes/2026/zendesk-popped/?utm_campaign=mi_irl&utm_medium=social&utm_source=mastodon

Did Zendesk get popped?

I've got like 50 emails from Zendesk customers to activate an account.

Feb 4 at 7:44pmWeb
Show threadaura-deprecatedFeb 4

@cadey https://social.treehouse.systems/@aurelia/116014040535555333

i thought it was related to someone finding me in relation to a CVE published today. half of them are NEW signups to my git email too. my guess is that someone is just doing bounce spam again like the linked brian krebs article

aura-v2b-heretic (@[email protected])

Attached: 1 image how you know you've been credited for your first CVE

Treehouse Mastodon
Show threadaura-deprecatedFeb 4
@cadey i guess it could be anubis contributors!
Show threadXe Feb 4
@aurelia I'm also getting it to an email that has not contributed to Anubis fwiw
Show threadaura-deprecatedFeb 4
@cadey i'm getting it on my git email (which is git@ and used for nothing else) and one other one, but not the one on my CV, so my guess is the source is somewhere on github
Show threadsodiboo Feb 4
@cadey @aurelia yeah I don't think this is related to Anubis at all lol. I'm not involved at all with any of you but I'm getting these emails as well and they're mostly to emails that were given out to Zendesk customers, but also to my git committer identity and at least 4 entirely made up aliases that I've never used, which is possible because my email alias scheme is awfully predictable. I found this thread by just keyword searching "Zendesk"
Show threadsodiboo Feb 4
@cadey @aurelia

RE: https://gaysex.cloud/notes/aic3wrs8ddjx06o7
Show threadHugo 雨果Feb 4
@aurelia @cadey Seeing the same pattern. My email isn’t in any CVE, but is my git (and general public) email.
Show threaddamien 🥖🐈‍⬛🧣Feb 4
@cadey idk if it’s the same instance but https://www.bleepingcomputer.com/news/security/zendesk-ticket-systems-hijacked-in-massive-global-spam-wave/ (from last month)
Zendesk ticket systems hijacked in massive global spam wave

People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines.

BleepingComputer
Show threaddamien 🥖🐈‍⬛🧣Feb 4
@cadey okay im getting some new ones as well, oof
Show threadzhenechFeb 4
@cadey hah, I'm not the only one getting those and being confused. Phew.
Show threadhelasloFeb 4
@cadey Got a massive spam wave too, only one managed to get through my spam filter and here I am searching if it only happened to me 😅
Show threadvillainous friendFeb 4
@cadey I’ve got a lot too, and this happened to me a couple of weeks ago also. I think it’s more a case of someone spamming Zendesk and using harvested email addresses to do so—I didn’t see any indication last time that any of my accounts had been compromised (including Zendesk customers whose services I use), or that any of the ‘new’ accounts had been fully set up, etc.
Show threadvillainous friendFeb 4
@cadey reading other responses: I’m not a contributor to anubis or anything comparatively cool, though I do some open source work 😅
Show threadSoftwarewolfFeb 4
@cadey https://www.malwarebytes.com/blog/news/2026/01/spammers-abuse-zendesk-to-flood-inboxes-with-legitimate-looking-emails-but-why
Spammers abuse Zendesk to flood inboxes with legitimate-looking emails, but why?

Spammers are abusing Zendesk to flood inboxes with emails from trusted brands. There’s no phishing or malware—just noise.

Malwarebytes
Show threadPhillip Feb 5
@faoluin @cadey glad to know it’s not just me. I got a few dozen of them a couple weeks ago over the span of like 3 days, all overnight US time. They were sending them to my discord email ([email protected]) at first before branching out to things like [email protected], [email protected], and so on. The others they tried aren’t real accounts used anywhere, so it felt like manual intervention fwiw
Show threadJordiGHFeb 4

@cadey This seems like a plausible explanation.

https://news.ycombinator.com/item?id=46891885

It seems to have started two weeks ago. A spammer realized that one can find a Z... | Hacker News

Show threadtbodtFeb 5
@cadey i theorize some spammer's email list has a lot of zendesk addresses in it by accident...but that doesn't much explain why they are coming from me