Discord Hack: 5.5 Million User Data Exposed
Discord Refuses to Pay Ransom After Data Breach Affecting 5.5 Million Users
Discord is contesting claims of a massive data breach and has vowed not to negotiate with threat actors demanding payment for stolen data.
What Happened?
Discord is responding to claims by threat actors who allege they stole 1.6 TB of data from the company’s Zendesk support system, impacting approximately 5.5 million unique users. The attackers claim to have accessed the system for 58 hours, beginning on September 20, 2025. The stolen data reportedly includes government IDs, partial payment information, and other personal details.
However, Discord disputes the extent of the breach and the accuracy of the figures being circulated. The company maintains that the incident did not originate from a direct breach of Discord’s systems, but rather from a compromise of a third-party service – specifically, a Zendesk instance used for customer support.
Discord asserts that approximately 70,000 users may have had government ID photos exposed, as these were used by the vendor to review age-related appeals. They strongly deny the claim that 2.1 million government ID photos were compromised.
The Attack Vector: A Compromised Support Agent
According to the threat actors, the breach stemmed not from a vulnerability in Zendesk itself, but from a compromised account belonging to a support agent employed by a Business Process Outsourcing (BPO) provider used by Discord. This highlights a growing trend of attackers targeting BPOs as a pathway to access downstream customer environments.
The hackers allege they gained access to Discord’s internal Zendesk instance and a support application called Zenbar. This access allegedly allowed them to perform actions such as disabling multi-factor authentication and retrieving user phone numbers and email addresses.
Discord’s Response and Stance on Ransom
Discord has firmly stated it will not pay a ransom to the threat actors. In a statement to BleepingComputer, Discord emphasized: “We will not reward those responsible for their illegal actions.” The company characterizes the demands for payment as an extortion attempt and accuses the attackers of sharing inaccurate information to inflate the perceived severity of the breach.
Discord is actively investigating the incident and working with its vendor to understand the full scope of the compromise and mitigate any further risks.
Impacted Data: What Was Potentially Exposed?
| Data Type | Estimated Users Affected (Discord Claim) | Estimated Users Affected (Attacker Claim) |
|---|---|---|
| Government ID Photos | Approximately 70,000 | 2.1 Million |
| Unique User Data | 5.5 Million | 5.5 Million |
| Partial Payment Information | Unknown | Unknown |
| Phone Numbers & Email Addresses | Potentially a subset of 5.5 Million | Potentially a subset of 5.5 Million |
It is worth noting the significant discrepancy between Discord’s and the attackers’ claims regarding the number of government ID photos exposed. The full extent of the compromised data remains under examination.
Why BPOs Are Attractive Targets
Outsourcing customer support and IT help desks to BPOs is a common practice, but it introduces a new layer of risk. BPOs often handle sensitive customer data on behalf of multiple clients, making them a single point of failure. Attackers recognize this and increasingly target BPOs to gain access to a wider range of victim organizations.
Key factors contributing to BPO vulnerability include:
- Weaker Security Posture: BPOs may have less robust security measures than their larger clients.
- High Employee Turnover: Frequent staff changes can lead to security lapses and inadequate training.
