Discord Zendesk Breach Escalates with Extortion and Data Leaks
Published
- Extortion demand: Malicious actors are attempting to extort Discord following a significant data breach originating from its Zendesk environment.
- Massive data leak: The breach involves 1.5 TB of data, including a repository of 2,185,151 age verification photos.
- Targeted release: The threat actors are now leaking information specifically connected to Discord user Tyler Robinson.
Discord is currently facing a significant extortion attempt following a major data security breach that has compromised sensitive user information. The incident stems from a breach of Discord's Zendesk environment, a third-party customer service platform.
Compromised User Data and Extortion Tactics
Malicious actors have claimed responsibility and are leveraging the stolen data to apply pressure on the company. The scale of the breach is substantial, with threat actors claiming to possess 1.5 terabytes of data.
The most alarming aspect of the data breach is the ID verification photo leak. The compromised dataset reportedly contains 2,185,151 photos submitted by users for age verification purposes, alongside an unknown number of email addresses.
This exposure of personally identifiable information (PII) presents a severe privacy risk for affected users.
To escalate their user data extortion campaign, the actors have begun selectively releasing information from Coinbase employee Discord accounts, most recently leaking data tied to a specific user named Tyler Robinson – who has the same name as the alleged Charlie Kirk shooter.
On October 3, Discord announced that it would start emailing users affected by a breach claimed by ShinyHunters, following a September 20 incident at a “third-party customer service provider” that impacted some users who had communicated with the Customer Support or Trust & Safety teams, with approximately 70,000 users’ government-ID photos possibly exposed.
Implications for User Security
The Discord Zendesk breach highlights the inherent risks associated with third-party vendor security and the storage of sensitive user verification data.
As threat actors continue their extortion campaign, the incident serves as a critical reminder of the cascading effects of a single point of failure in the supply chain. The situation remains active, with the potential for further data to be exposed as the extortion attempt continues.
Crimson Collective named October 5 ‘National Cybercrime Day,’ and hinted at a potential partnership with Scattered LAPSUS$ Hunters
In June, hijacked Discord links delivered a multi-stage AsyncRAT and Skuld Stealer campaign. In May, a massive alleged Steam data breach resulted in over 89 million records being put up for sale.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular