This was widespread, I was also affected. I think you can create spoof tickets / accounts over Https with no verification and zendesk don't want to do anything which adds friction.