Zendesk
January 18, 2026
•[ spam campaign, email abuse, unsolicited messaging ]
A large-scale spam campaign abused Zendesks support-ticket functionality, where unverified users can submit tickets that trigger automatic confirmation emails to the address provided. Beginning around January 18, 2026, recipients worldwide reported receiving hundreds of emails with unusual or alarming subject lines, generating confusion and disruption. The reports indicated that attackers were leveraging support platforms run by companies that use Zendesk for customer service; the immediate impact was mass unsolicited messaging rather than confirmed data theft.
Rochester Public School listserv
May 12, 2025
•[ misconfiguration, insider threat, email abuse ]
Rochester School District officials reported that students and staff were bombarded with sexually explicit and threatening emails after a student exploited a misconfiguration in an email distribution list. The distribution list had been inadvertently configured with broader permissions than intended, allowing a student to send an unauthorized mass message to a large number of student accounts across grade levels. The districts technology team worked to identify the source, recall the messages, and correct the permission setting; students were then blocked from sending to distribution groups. The incident primarily affected communications integrity and student safety, rather than causing extended operational downtime.
