Overview

• Discord disclosed on October 3 that attackers accessed data via a third-party customer support system, with names, usernames, emails, IP addresses, support messages, limited billing details, and a small number of government ID images confirmed exposed.
• Security researcher vx-underground alleges the haul includes about 1.5TB of age-verification photos totaling 2,185,151 images, and says the thieves are attempting to extort the company.
• Discord says impacted users will receive an email from [email protected], revoked the vendor’s access, engaged forensic investigators, and notified authorities and regulators.
• Zendesk, identified in reports as the support platform involved, says its own systems were not compromised and that the incident did not stem from a vulnerability in its platform.
• Who carried out the breach remains disputed, with conflicting attributions reported, and coverage notes the impact centers on users who interacted with Discord support rather than general chat or passwords.