Ya I do find it hard to believe a project as big as Zendesk doesn't take the necessary precautions to protect against security issues like this. But maybe they weren't anticipating people using their software to store important personal docs like bank statements?
Did global forget to check this box though? OMEGALUL
https://support.zendesk.com/hc/en-us...er-attachments
Verifying your customer’s identity through a passport or driver license scan can be an effective way to verify the identity of your customer.
Due to the sensitive nature of these documents, and their ability to be used for identity theft, we recommend using the require authentication to download feature. While regular attachments are secured using a token, a URL that is considerably complex and random, they could be potentially exposed through a misdirected email.
To enable require authentication to download go to Admin > Settings > Tickets.
Please note, until the require authentication to download is associated with a specific group or agent, uploaded files are visible to any authenticated user. Once an attachment is associated with a ticket or post, visibility is restricted to users with access to the ticket or post that has the authentication to download.
Last edited by rngz; 06-21-2018 at 03:09 PM.