The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification.
Threat actors claim to have exfiltrated 1.5 terabytes of sensitive information, including over 2.1 million government-issued identification photos.
However, Discord disputes these figures, stating that approximately 70,000 users had their ID photos exposed during the September 20, 2025, incident.
The breach did not directly target Discord’s infrastructure but instead compromised customer support systems managed by Zendesk, a third-party vendor.
Attackers gained unauthorized access for 58 hours by compromising the account of a support agent employed by an outsourced business process provider.
The notorious cybercrime group Scattered Lapsus$ Hunters (SLH) has claimed responsibility for the attack, publicly taunting Discord while demanding ransom payment.
The stolen information primarily affects users who previously contacted Discord’s Customer Support or Trust & Safety teams.
Compromised data includes user names, Discord usernames, email addresses, and limited billing information such as payment methods and the last four digits of credit card numbers. Additionally, customer service message exchanges and user IP addresses were exposed.
The most concerning aspect involves the theft of government identification images, including driver’s licenses and passports, submitted by users appealing age-related account restrictions.
While attackers claim to possess 2,185,151 ID photos affecting 5.5 million users across 8.4 million support tickets, Discord maintains these figures are inflated as part of the extortion scheme.
Discord has refused to pay the demanded ransom and immediately terminated its partnership with the compromised vendor upon discovering the breach.
The company revoked all vendor access to its ticketing systems and launched a comprehensive internal investigation.
Working alongside a leading computer forensics firm, Discord is collaborating with law enforcement and data protection authorities to address the incident.
Discord has assured users that the breach did not expose complete credit card numbers, passwords, or private messages outside of customer support interactions.
Users whose government IDs were compromised will receive specific notification through the official email channel.
This incident underscores the growing threat of supply chain attacks, where cybercriminals target less secure third-party partners to access data from larger organizations.
The breach highlights critical vulnerabilities in outsourced customer service operations and the risks associated with storing sensitive verification documents.
The situation remains ongoing, with the full impact depending on whether the threat actors follow through on their threats to release the stolen data publicly.