Discord won’t pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed. Discord announced it won’t pay the threat actors claiming to have stolen data on 5.5M users, clarifying that only about 70K ID photos were actually exposed. The attackers claimed they have breached Discord’s Zendesk support instance, but […] Discord won’t pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed. Discord announced it won’t pay the threat actors claiming to have stolen data on 5.5M users, clarifying that only about 70K ID photos were actually exposed. The attackers claimed they have breached Discord’s Zendesk support instance, but the company has yet to confirm it. Attackers claim they have exploited Zendesk integrations to query Discord’s internal systems and stole 1.6TB of data, including 8.4M support tickets. This week, the free communication platform disclosed a breach at a third-party customer support provider that exposed data of users who contacted its Support or Trust & Safety teams. The stolen info includes names, usernames, emails, contact and billing details, IPs, and messages with agents. The instant messaging and VoIP social platform said government ID images were also exposed for users who appealed age verification decisions. The company states that financial data (full credit card numbers or CCV codes) and passwords or authentication data were exposed. Discord pointed out that its systems were not breached. “Discord recently discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. This incident impacted a limited number of users who had communicated with our Customer Support or Trust & Safety teams.” reads the Update on the Security Incident published by the company. This unauthorized party did not gain access to Discord directly. “ Discord promptly revoked the third-party provider’s access to its support systems and launched an internal investigation with the help of a leading computer forensics firm. The company notified law enforcement. Discord confirmed no data beyond user interactions with support agents was accessed and is notifying affected users via email. Vx-underground researchers reported that hackers are extorting Discord, claiming to have stolen 1.5TB of age verification photos, totaling over 2.1M images. Chat, we are cookedDiscord is being extorted by the people who compromised their Zendesk instanceThey've got 1.5TB of age verification related photos. 2,185,151 photostl;dr 2.1m Discord users drivers license and/or passport might be leaked. Unknown number of e-mails— vx-underground (@vxunderground) October 8, 2025
Published: 2025-10-09T08:49:40