TZUTC: -0500
MSGID: 1575.consprcy@1:2320/105 2d4cfb38
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
 [So what was Discord doing with goverment ID data?!?]

Discord reveals more on data breach - says 70,000 government ID photos may
have been leaked

Date:
Thu, 09 Oct 2025 11:25:00 +0000

Description:
The attackers don't agree with Discord's assessment - which could be worrying
for users.

FULL STORY

Discord has revealed more details about the recent third-party data breach
incident , including an estimate of the likely number of ID card photos 
stolen in the attack. 

The company had warned its users about a potential data breach, saying a
third-party customer support service provider was breached. The unauthorized
party then gained access to information from a limited number of users who 
had contacted Discord through our Customer Support and/or Trust & Safety
teams, Discord said at the time. 

The identity of the attackers was not disclosed, but Discord did say that the
crooks took personally identifiable data, contact information, some corporate
data, and a small number of government-issued ID cards.

How many ID cards? 

Now, BleepingComputer has claimed the company that was likely compromised was
Zendesk. 

It also managed to get in touch with the attackers, who claimed to have 
stolen data of 5.5 million unique users, including 2.1 million photos of
government IDs. The total size of the archive was 1.6TB, downloaded during 
the 58 hours of unabated access. 

The attackers told the publication they accessed the network through a
compromised account belonging to a support agent that was employed through an
outsourced business process outsourcing provider that Discord used. 

Discord does not agree on the severity of the breach, though. 

"First, as stated in our blog post, this was not a breach of Discord, but
rather a third-party service we use to support our customer service efforts,"
the company told the publication in a statement. 

"Second, the numbers being shared are incorrect and part of an attempt to
extort a payment from Discord. Of the accounts impacted globally, we have
identified approximately 70,000 users that may have had government-ID photos
exposed, which our vendor used to review age-related appeals." 

"Third, we will not reward those responsible for their illegal actions." The
attackers allegedly asked for $5 million - and later reduced the asking price
to $3.5 million.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/discord-reveals-more-on-data-breach-say
s-70-000-government-id-photos-may-have-been-leaked

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426