A new cybersecurity incident has rocked Discord, with threat actors claiming to have stolen sensitive data from 5.5 million users through an alleged breach of the company’s Zendesk support system. The hackers allege that the compromised data includes government IDs, partial payment details, and personal contact information—raising serious privacy concerns among users and the cybersecurity community.
Discord, however, disputes the attackers’ claims, stating that the numbers are exaggerated and that the breach occurred not within Discord’s own infrastructure but in a third-party customer support service. In a statement to BleepingComputer, the company clarified, “This was not a breach of Discord, but rather a third-party service we use to support our customer service efforts.” The platform emphasized that only about 70,000 users had their government ID photos exposed, rather than the 2.1 million claimed by the hackers.
According to reports, the breach began on September 20, 2025, and lasted for approximately 58 hours. The hackers claim they infiltrated Discord’s Zendesk instance using compromised credentials from a support agent working for an outsourced BPO provider. This vector aligns with a growing trend of supply-chain and vendor-based cyberattacks, where threat actors exploit weaker security in third-party environments to gain access to larger targets.
The attackers assert they gained full administrative access to Discord’s internal Zendesk tools, including a custom-built support dashboard called Zenbar, which allegedly allowed them to disable multi-factor authentication, retrieve user contact data, and view support tickets. The group claims to have exfiltrated 1.6 terabytes of data, including 1.5 TB of attachments and over 100 GB of transcripts, amounting to 8.4 million support tickets involving 5.5 million users. They also allege that 580,000 users’ payment-related details were exposed through integrations between Zendesk and Discord’s internal systems.
Discord has refused to pay the hackers’ $5 million ransom demand, which was later reduced to $3.5 million during negotiations. After Discord halted communications and made a public statement, the attackers threatened to leak the stolen data if payment was not received.
This breach underscores the critical vulnerabilities in outsourced IT and customer support ecosystems, where even a single compromised employee account can lead to massive data exposure. The incident also highlights the importance of continuous monitoring, strong access controls, and vendor security assessments. Companies relying on third-party providers must ensure they enforce robust identity verification and MFA policies, especially for accounts with administrative privileges.
While Discord maintains that no direct breach of its core systems occurred, cybersecurity experts warn that data from customer support platforms can still contain highly sensitive personal information, potentially usable for phishing, identity theft, and targeted scams. The full extent of the breach remains unclear as investigators continue to verify the hackers’ claims and assess potential user impact.
Conclusion:
The alleged Discord data breach is a wake-up call for every organization using third-party platforms for customer support. Even when core systems remain secure, outsourced services can become weak links in the cybersecurity chain. As Discord continues to investigate and strengthen its defenses, this incident serves as a critical reminder: cyber resilience is only as strong as the weakest vendor in your supply chain.