Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach
A recent data breach involving Discord resulted in the exposure of government ID photos and personal data of approximately 70,000 users globally. The breach originated from a third-party customer support service, Zendesk, used by Discord for age verification and support interactions. Hackers claim to have stolen over 2 million ID photos and other sensitive information, including names, email addresses, billing details, IP addresses, and support messages. The attackers are attempting to extort Discord by threatening to release the stolen data. Although Discord states only a small number of ID images were exposed, threat intelligence sources report a much larger volume of stolen data. This incident highlights risks associated with third-party service providers and the handling of sensitive identity verification data. European organizations using Discord or similar third-party services for identity verification should be aware of potential privacy and security implications. Mitigation requires stringent third-party risk management, enhanced data access controls, and proactive monitoring for extortion attempts.
AI Analysis
Technical Summary
On October 3, 2025, Discord disclosed a data breach affecting approximately 70,000 users whose government-issued ID photos were exposed. The breach stemmed from a compromise of a third-party customer support platform, Zendesk, which Discord uses for age verification and customer support. Hackers accessed and exfiltrated sensitive data, including over 2 million photos of government IDs, user names, Discord usernames, email addresses, billing information, IP addresses, and messages exchanged with support teams. The attackers provided proof of the breach to security researchers and are actively attempting to extort Discord by threatening to release the stolen data publicly. Discord attributes the breach to a malicious campaign targeting Zendesk's software suite but states Zendesk's platform itself was not compromised. This incident follows a similar breach in 2023 involving a third-party support agent's ticket queue. The breach underscores the risks of third-party data handling, especially for sensitive identity verification data. The attackers' ability to access extensive personal and corporate data raises concerns about identity theft, phishing, and targeted extortion. The breach also highlights the need for robust vendor security assessments and incident response plans involving third-party services.
Potential Impact
For European organizations, the breach poses significant privacy and security risks, especially for users who provided government-issued IDs for age verification or other purposes. Exposure of such sensitive personal data can lead to identity theft, fraud, and targeted phishing attacks. Organizations relying on Discord for communication or customer engagement may face reputational damage and legal liabilities under the GDPR due to inadequate protection of personal data. The breach also raises concerns about the security of third-party service providers, which are commonly used across industries in Europe. If attackers release the stolen data, it could facilitate large-scale identity fraud and social engineering campaigns targeting European users. Additionally, the incident may prompt regulatory scrutiny and enforcement actions against organizations that fail to ensure third-party compliance with data protection standards. The breach highlights the critical need for European entities to evaluate their third-party risk management and data protection strategies to prevent similar incidents.
Mitigation Recommendations
European organizations should implement comprehensive third-party risk management programs that include rigorous security assessments and continuous monitoring of vendors handling sensitive data. Specifically, organizations using Discord or similar platforms should:
1) Limit the amount of sensitive data shared with third-party services and ensure data minimization principles are applied.
2) Enforce strict access controls and encryption for data stored or processed by third parties.
3) Require contractual obligations for vendors to comply with GDPR and cybersecurity best practices, including incident notification requirements.
4) Monitor for signs of extortion or data leakage related to third-party breaches and establish rapid incident response protocols.
5) Educate users about the risks of identity theft and phishing stemming from such breaches.
6) Regularly audit and review third-party security posture, including penetration testing and compliance checks.
7) Consider alternative solutions or in-house capabilities for sensitive identity verification processes to reduce reliance on external vendors.
8) Collaborate with law enforcement and cybersecurity communities to share threat intelligence related to extortion attempts and data misuse.
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Italy, Spain, Belgium
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/discord-says-70000-users-had-ids-exposed-in-recent-data-breach/","fetched":true,"fetchedAt":"2025-10-09T08:06:58.384Z","wordCount":1042}
Threat ID: 68e76d22f5254f629ab65abd
Added to database: 10/9/2025, 8:06:58 AM
Last enriched: 10/9/2025, 8:07:11 AM
Last updated: 10/9/2025, 11:23:20 AM