#User tickets exposed

I had opened a ticket in the past confirming with the team what seems like a genuine concern and vulnerability. It appears bad actors can find out when new tickers have been created, and can deduce the ticket number to then DM the user of the newly opened ticket. This feels dangerous and I was wondering about concerns or prevention.