Overview

• Discord says approximately 70,000 users’ government‑ID photos tied to age‑appeal reviews may have been exposed via a third‑party customer support environment.
• Exposed data may also include names, Discord usernames, email addresses, IP addresses, messages with support agents, and limited billing details such as purchase history and the last four digits of credit cards.
• The company says its core systems were not breached, it revoked the vendor’s access, ended work with the compromised provider, notified affected users from [email protected], and involved law enforcement and external forensics.
• Threat actors claim they stole about 1.6 TB across millions of support tickets affecting 5.5 million users and pursued a ransom that reportedly shifted from $5 million to $3.5 million, assertions not verified by reporters.
• Zendesk states its platform was not compromised, with reporting pointing to a compromised support‑agent account at an outsourced provider as a likely vector.