Discord Extortion Follows Support Vendor Breach: Zendesk Says Its Systems Were Not Compromised
Last updated October 10, 2025
- Extortion demand: Malicious actors are attempting to extort Discord following a significant data breach involving a third-party customer support platform used by Discord.
- Massive data leak: The breach involves 1.5 TB of data, including a repository of 2,185,151 age verification photos.
- Targeted release: The threat actors are now leaking information specifically connected to Discord user Tyler Robinson.
Discord is currently facing a significant extortion attempt following a major data security breach that has compromised sensitive user information. The incident stems from a breach of Discord's third-party customer service platform.
Compromised User Data and Extortion Tactics
Malicious actors have claimed responsibility and are leveraging the stolen data to apply pressure on the company. The scale of the breach is substantial, with threat actors claiming to possess 1.5 terabytes of data.
Zendesk, which has been referenced in reports about the incident, told TechNadu that its own systems were not compromised.
"Our investigation indicates this incident did not arise from a vulnerability within Zendesk's platform. Zendesk’s own systems were not compromised," a Zendesk spokesperson asserted.
Discord has published an update naming the vendor involved. "This was not a breach of Discord, but rather a breach of a third party service provider, 5CA, that we used to support our customer service efforts," the press release confirmed.
The most alarming aspect of the data breach is the ID verification photo leak. The compromised dataset reportedly contains 2,185,151 photos submitted by users for age verification purposes, alongside an unknown number of email addresses.
This exposure of personally identifiable information (PII) presents a severe privacy risk for affected users.
To escalate their user data extortion campaign, the actors have begun selectively releasing information from Coinbase employee Discord accounts, most recently leaking data tied to a specific user named Tyler Robinson – who has the same name as the alleged Charlie Kirk shooter.
On October 3, Discord announced that it would start emailing users affected by a breach claimed by ShinyHunters, following a September 20 incident at a “third-party customer service provider” that impacted some users who had communicated with the Customer Support or Trust & Safety teams, with approximately 70,000 users’ government-ID photos possibly exposed.
Implications for User Security
The Discord support vendor breach highlights the inherent risks associated with third-party customer service platforms and the storage of sensitive user verification data.
As threat actors continue their extortion campaign, the incident serves as a critical reminder of the cascading effects of a single point of failure in the supply chain. The situation remains active, with the potential for further data to be exposed as the extortion attempt continues.
Crimson Collective named October 5 ‘National Cybercrime Day,’ and hinted at a potential partnership with Scattered LAPSUS$ Hunters
In June, hijacked Discord links delivered a multi-stage AsyncRAT and Skuld Stealer campaign. In May, a massive alleged Steam data breach resulted in over 89 million records being put up for sale.
Editorial note: This story has been updated to include a statement from a Zendesk spokesperson
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular