Discord Cyberattack: Government IDs and Personal Data Exposed for 58 Hours
Date: September 20, 2025
Duration of Breach: 58 hours
Affected Platform: Discord’s customer support system via third-party vendor (Zendesk)
What Happened
Hackers targeted Discord’s customer support vendor, Zendesk, not Discord’s core platform. They gained access by compromising the credentials of a support agent. Relying mainly on social engineering and credential stuffing, the attackers accessed user data without sophisticated malware or zero-day exploits.
This breach is a classic example of a supply chain attack, where cybercriminals exploit vulnerabilities in third-party services to reach their true target.
Data Stolen
The attackers potentially accessed extremely sensitive user data submitted to Discord support, including:
- Government-issued IDs: Driver’s licenses, passports, state IDs
- Full names and Discord usernames
- Email addresses and IP addresses
- Support ticket histories: Entire conversations with customer support
These ID documents could enable identity theft, making this breach more dangerous than typical password leaks.
Dispute Over Scale
There is a major disagreement about how many users were affected:
- Scattered Lapsus$ Hunters (hacker group): Claimed to have stolen 2.1 million government ID photos (1.5 TB of data)
- Discord: Asserted only 70,000 users were impacted, calling higher figures “misinformation for extortion purposes”
This discrepancy highlights uncertainty around the real scope of the breach. Users are left questioning whether Discord is downplaying the incident or hackers are inflating numbers.
Timeline of the Breach
- September 20, 2025: Hackers infiltrated Zendesk using compromised support agent credentials.
- Duration: The attack continued for 58 hours, during which attackers accessed sensitive data.
- Post-breach: Discord terminated the vendor’s access and engaged cybersecurity firms for investigation. Law enforcement was also notified.
Implications for Users
If you submitted documents to Discord support, your personal data could be floating on the dark web. Key concerns include:
- Identity theft risk: Sensitive ID documents contain enough information to impersonate users.
- Phishing attacks: Exposed emails and ticket histories may be used to craft targeted scams.
- Trust in third-party services: The breach highlights how a platform’s security can be compromised through vendor vulnerabilities.
Lessons & Takeaways
- Third-party risk: Companies increasingly rely on external vendors, which can become weak points.
- Credential security: Social engineering and compromised passwords remain major threats.
- Vigilance required: Users should monitor accounts for suspicious activity and be wary of phishing attempts.
Conclusion
While Discord’s core platform remained secure, this breach exposed a highly sensitive layer of user data through support interactions. The incident underscores the importance of vendor security audits and user awareness, especially when submitting personal documents online.
