Attackers compromised a support agent’s account and maintained access for 58 hours, during which they exfiltrated a reported 1.5 terabytes of sensitive user data.
The group claiming responsibility, Scattered Lapsus$ Hunters (SLH), publicly taunted Discord and demanded a ransom, asserting they held 2,185,151 government-issued identification photos submitted by users for age verification.
Discord’s subsequent internal investigation refutes those figures, stating that approximately 70,000 users had their ID images exposed rather than the millions claimed.
The incident did not breach Discord’s core infrastructure or customer databases but exploited vulnerabilities in the vendor’s ticketing system, underscoring the risks of supply chain attacks on less secure third-party operations.
The stolen dataset includes user names, Discord usernames, email addresses, customer support message transcripts, IP addresses, and limited billing information such as payment methods and the last four digits of credit card numbers.
Crucially, the exposed government identification images consist of driver’s licenses, passports, and other ID proofs submitted by users appealing age restrictions.
Upon learning of the breach, Discord immediately revoked all vendor access to its ticketing systems and terminated the partnership with the compromised Zendesk environment.
The company engaged a leading computer forensics firm and notified law enforcement and data protection authorities.
Discord stressed that full credit card numbers, passwords, and private message contents outside customer support interactions were not affected.
Affected users will receive direct email notifications detailing the breach of their ID images and guidance on protective measures.
This incident spotlights the growing threat of cybercriminals targeting third-party service providers to circumvent stronger security controls at larger organizations.
Supply chain attacks, such as this breach of outsourced customer support, can expose vast troves of sensitive verification documents and personal data.
Organizations must enforce stringent security standards, continuous monitoring, and access controls for all partners handling critical user information.
The full impact of this breach remains uncertain. Discord has refused to pay the ransom demanded by SLH and is closely monitoring the threat actors’ movements to determine if the stolen data will be publicly released.
As investigations continue, companies across the technology sector are urged to reassess their vendor risk management strategies to prevent similar compromises.
CVE Table
| CVE ID | Affected Component | Description | Exploit Prerequisite | CVSS 3.1 Score |
|---|---|---|---|---|
| None assigned | Zendesk customer support portal | Unauthorized access via compromised agent credentials | Valid support agent login credentials | N/A |
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
The post Discord Data Breach – 1.5TB of Data and 2M ID Photos Held for Ransom appeared first on Cyber Security News.
The Fast & Furious universe is getting not one, but a whopping four shows at…
Self-described 'friendslop' game Gamble With Your Friends has reached 1 million copies sold just one…
If you're a Windows user who's looking for a PC version of the Apple Mac…
We've entered Week 2 of Crunchyroll's 'Ani-May' celebrations, and this week's headlining deal is a…
INDIANAPOLIS, Ind. (WOWO) — Pack your patience alongside your sunscreen this Memorial Day. According to…
INDIANAPOLIS, Ind. (WOWO) — Pack your patience alongside your sunscreen this Memorial Day. According to…
This website uses cookies.