"Discord recently discovered an incident where an unauthorized party compromised one of our third-party vendors. This was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. This incident impacted a limited number of users who had communicated with our Customer Support or Trust & Safety teams. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals."
"The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated 1.5 terabytes of sensitive information, including over 2.1 million government-issued identification photos. However, Discord disputes these figures, stating that approximately 70,000 users had their ID photos exposed during the September 20, 2025 incident."
An unauthorized party compromised a third-party customer support vendor used by Discord, enabling an extortion attempt and suspected exfiltration of sensitive user data. Threat actors claimed 1.5 terabytes and over 2.1 million government-issued ID photos; Discord disputes those figures and reports about 70,000 users may have had government-ID photos exposed during a September 20, 2025 incident. The breach affected third-party ticketing systems managed by Zendesk rather than Discord's core infrastructure. Discord says no messages or account activity beyond support interactions were accessed. Discord revoked vendor access, is investigating, working with law enforcement, and notifying impacted users.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]