Social media platform Discord on Wednesday confirmed that hackers stole photos of government identification documents for 70,000 users as part of the recent data breach.
The company revealed the incident on October 3, blaming it on a third-party service it uses for customer support and saying that only individuals who interacted with its Customer Support or Trust & Safety teams were affected.
“Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals,” Discord said in an October 8 update.
The hackers also compromised names, Discord usernames, email addresses, contact details, billing information, IP addresses, messages exchanged with the support teams, and limited corporate data, the company has revealed.
While Discord says only “a small number of government‑ID images” were exposed in the incident, the hackers claim to have obtained 1.5 terabytes of such data, or 2,185,151 photos, the threat intelligence and research project Vx-Underground says.
The data breach was the result of a broader campaign targeting the Zendesk software suite, which occurred over a month ago, Vx-Underground notes.
“Discord Zendesk falls within [the] scope of this malicious campaign. Discord confirmed they were a victim of this malicious campaign on their press release page when they disclosed their compromise,” Vx-Underground says.
The threat actors responsible for the incident, who have not identified themselves, have provided proof of compromise to Vx-Underground and other security researchers and said they were actively trying to extort Discord.
“They are threatening to release the stolen data if Discord does not pay them an undisclosed amount of money. According to the threat actors, Discord is ignoring them and/or not complying with their demands,” Vx-Underground says.
Earlier this week, Zendesk told SecurityWeek that the Discord incident was not the result of a vulnerability in its platform, and that its systems were not compromised.
SecurityWeek has emailed both Discord and Zendesk for statements on the matter and will update this article if either of the companies responds.
In May 2023, Discord disclosed a data breach that arose from the compromise of “a third-party customer service agent’s support ticket queue”. While the company did not name the hacked service, reports at the time suggested that it was Zendesk.
Related: Ransomware Group Claims Attack on Beer Giant Asahi
Related: Hackers Stole Data From Public Safety Comms Firm BK Technologies
Related: Consolidate Vendors and Products for Better Security
Related: Mississippi Creates New Cyber Unit, Names 1st Director
