Discord — Data Breach
Executive Summary
Discord disclosed that attackers compromised its third-party customer support vendor 5CA, which operated through Discord's Zendesk ticketing system, beginning around September 20, 2025. Approximately 70,000 government-issued ID photos submitted for age verification were exposed, along with names, email addresses, IP addresses, partial billing data, and support ticket transcripts.
What Happened
Discord disclosed that attackers compromised its third-party customer support vendor 5CA, which operated through Discord's Zendesk ticketing system, beginning around September 20, 2025. According to reports, the threat actor claimed to have bribed an offshore team member using Zendesk who was responsible for Discord's support channel handling manual ID verification. Discord revoked the vendor's access upon discovery, engaged computer forensics experts, and contacted law enforcement to investigate the incident.
Who Is Affected
Approximately 70,000 Discord users who submitted government-issued ID photos for age verification or age-related appeals had those documents exposed. A limited number of additional users who contacted Discord's Customer Support or Trust & Safety teams may have had their names, email addresses, Discord usernames, IP addresses, partial billing information including last four credit card digits and payment type, and support ticket message transcripts accessed. Discord is emailing affected users from noreply@discord.com to notify them of the exposure.
Why It Matters
This breach exposed highly sensitive government-issued identification documents that can be used for identity theft, fraud, or other malicious purposes beyond typical account credentials. The incident demonstrates the privacy risks inherent in relying on third-party customer support vendors who handle sensitive user data, particularly when those vendors employ offshore teams with access to verification systems. The compromise of a Zendesk ticketing system shows that even platforms with robust internal security can be vulnerable through their supply chain partners.
What You Should Do
Watch for official notification emails from Discord sent only from noreply@discord.com, as Discord will not contact users about this incident by phone. If you submitted government ID images to Discord support, monitor for potential identity theft or misuse of your personal information and consider replacing sensitive documents if necessary. Be cautious of phishing attempts that may reference this breach, and verify that any communications claiming to be from Discord come from their official email address.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.
Sources