Hackers declare Discord breach uncovered information of 5.5 million customers

Discord says they won’t be paying risk actors who declare to have stolen the information of 5.5 million distinctive customers from the corporate’s Zendesk help system occasion, together with authorities IDs and partial fee info for some folks.

The corporate can be pushing again on claims that 2.1 million photographs of presidency IDs had been disclosed within the breach, stating that roughly 70,000 customers had their authorities ID photographs uncovered.

Whereas the attackers declare the breach occurred by means of Discord’s Zendesk help occasion, the corporate has not confirmed this and solely described it as involving a third-party service used for buyer help.

“First, as acknowledged in our weblog publish, this was not a breach of Discord, however quite a third-party service we use to help our customer support efforts,” Discord instructed BleepingComputer in an announcement.

“Second, the numbers being shared are incorrect and a part of an try and extort a fee from Discord. Of the accounts impacted globally, we’ve got recognized roughly 70,000 customers which will have had government-ID photographs uncovered, which our vendor used to overview age-related appeals.”

“Third, we is not going to reward these answerable for their unlawful actions.”

In a dialog with the hackers, BleepingComputer was instructed that Discord just isn’t being clear in regards to the severity of the breach, stating that they stole 1.6 TB of knowledge from the corporate’s Zendesk occasion.

In line with the risk actor, they gained entry to Discord’s Zendesk occasion for 58 hours starting on September 20, 2025. Nonetheless, the attackers say the breach didn’t stem from a vulnerability or breach of Zendesk however quite from a compromised account belonging to a help agent employed by means of an outsourced enterprise course of outsourcing (BPO) supplier utilized by Discord.

As many firms have outsourced their help and IT assist desks to BPOs, they’ve turn into a preferred goal for attackers to realize entry to downstream buyer environments.

The hackers allege that Discord’s inner Zendesk occasion gave them entry to a help software, generally known as Zenbar, that allowed them to carry out numerous support-related duties, equivalent to disabling multi-factor authentication and looking out up customers’ telephone numbers and e mail addresses.

Utilizing entry to Discord’s help platform, the attackers claimed to have stolen 1.6 terabytes of knowledge, together with round 1.5 TB of ticket attachments and over 100 GB of ticket transcripts.

The hackers say this consisted of roughly 8.4 million tickets affecting 5.5 million distinctive customers, and that about 580,000 customers contained some type of fee info.

The risk actors themselves acknowledged to BleepingComputer that they’re uncertain what number of authorities IDs had been stolen, however they consider it’s greater than 70,000, as they are saying there had been roughly 521,000 age-verification tickets.

The risk actors additionally shared a pattern of the stolen consumer information, which might embrace all kinds of data, together with e mail addresses, Discord usernames and IDs, telephone numbers, partial fee info, date of delivery, multi-factor authentication associated info, suspicious exercise ranges, and different inner info.

The fee info for some customers was allegedly retrievable by means of Zendesk integrations with Discord’s inner methods. These integrations reportedly allowed the attackers to carry out tens of millions of API queries to Discord’s inner database by way of the Zendesk platform and retrieve additional info.

BleepingComputer couldn’t independently confirm the hackers’ claims or the authenticity of the supplied information samples.

The hacker stated the group demanded $5 million in ransom, later lowering it to $3.5 million, and engaged in non-public negotiations with Discord between September 25 and October 2.

After Discord ceased communications and launched a public assertion in regards to the incident, the attackers stated they had been “extraordinarily offended” and plan to leak the information publicly if an extortion demand just isn’t paid.

BleepingComputer contacted Discord with further questions on these claims, together with why they retained authorities IDs after finishing age verification, however didn’t obtain solutions past the above assertion.