What happened?
Hackers say they stole about 2.1 million passport and driver’s license photos from Discord’s third-party Zendesk support system and are trying to extort the company. Discord confirmed an unauthorized party accessed its Zendesk instance, saying its own servers and user passwords or private messages weren’t breached but that some ID photos were accessed. Security researchers published sample files and claim the haul is about 1.5 TB, while Discord maintains the incident affected a limited number of users.
Who does this affect?
People who submitted ID photos to Discord for age verification or who contacted Customer Support or Trust & Safety could have had sensitive documents exposed. Those users now face higher risks of phishing, identity theft, and social engineering using the data allegedly taken. The incident also puts third-party helpdesk platforms and any companies that outsource support at greater risk, since attackers often target vendor systems with access privileges.
Why does this matter?
This kind of breach erodes user trust and could slow adoption of platform-based identity checks, pushing customers and regulators to demand stronger data-handling and vendor controls. Companies may face higher compliance, remediation and insurance costs, and possible customer churn, which can hurt revenues and valuations. Investors and buyers may reprice risk for SaaS vendors and support providers, while privacy-preserving alternatives like zero-knowledge ID solutions could see increased interest.