08.10.2025
2 min
554
Discord confirmed the data leak through a third-party support service, but denied the hackers’ claims about the scale — instead of 5.5 million users, according to official information, about 70,000 accounts containing photos of government ID cards were affected. The hacking group behind the attack said it stole 1.6 TB of data, including 1.5 TB of attachments and over 100 GB of support service transcripts. In total, they said, this concerned 8.4 million requests from 5.5 million users, some of which contained payment details.
Discord confirmed that the incident occurred not in the main system, but in the Zendesk instance used to process user requests. The company emphasized that the attackers obtained the data through a compromised account of an employee of a third-party BPO provider and not through a vulnerability in Zendesk.
The hackers claim to have had access to an internal Zenbar application that allowed them to manage MFA settings, search for phones, emails, and user IDs.
Threatening to release the stolen data, the group demanded a ransom of $5 million, later reducing the amount to $3.5 million. Discord refused to pay and called these actions extortion. After that, the attackers said that they would publish the stolen data if they did not receive the money.
Discord is one of the largest communication platforms in the world, used by over 500 million users. After a series of attacks on third-party support services (Zendesk, Atlassian, Okta), cybercriminals are increasingly targeting BPO providers that have indirect access to client systems. Discord’s incident shows that even outsourcing support can be a weak point if account controls are not tight enough.
Discord’s Zendesk data breach highlights the vulnerability of the customer support ecosystem and the importance of vetting the security of third-party providers. Users should update their MFA settings, change their passwords, and be vigilant for phishing emails that may come from compromised addresses.
