Discord won’t pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed.Discord announced it won’t pay the threat actors claiming to have stolen data on 5.5M users, clarifying that only about 70K ID photos were actually exposed. The attackers claimed they have breached Discord’s Zendesk support instance, but the company has yet to confirm it.Attackers claim they have exploited Zendesk integrations to query Discord’s internal systems and stole 1.6TB of data, including 8.4M support tickets. This week, the free communication platform disclosed a breach at a third-party customer support provider that exposed data of users who contacted its Support or Trust & Safety teams.The stolen info includes names, usernames, emails, contact and billing details, IPs, and messages with agents. The instant messaging and VoIP social platform said government ID images were also exposed for users who appealed age verification decisions.The company states that financial data (full credit card numbers or CCV codes) and passwords or authentication data were exposed.Discord pointed out that its systems were not breached.“Discord recently discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. This incident impacted a limited number of users who had communicated with our Customer Support or Trust & Safety teams.” reads the Update on the Security Incident published by the company.This unauthorized party did not gain access to Discord directly. “Discord promptly revoked the third-party provider’s access to its support systems and launched an internal investigation with the help of a leading computer forensics firm. The company notified law enforcement. Discord confirmed no data beyond user interactions with support agents was accessed and is notifying affected users via email.Vx-underground researchers reported that hackers are extorting Discord, claiming to have stolen 1.5TB of age verification photos, totaling over 2.1M images.Chat, we are cookedDiscord is being extorted by the people who compromised their Zendesk instanceThey've got 1.5TB of age verification related photos. 2,185,151 photostl;dr 2.1m Discord users drivers license and/or passport might be leaked. Unknown number of e-mails— vx-underground (@vxunderground) October 8, 2025Below is the statement that Discord’s spokesperson Nu Wexler told The Verge:“Following last week’s announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions.All affected users globally have been contacted and we continue to work closely with law enforcement, data protection authorities, and external security experts. We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause.”The threat actors told BleepingComputer they may have stolen over 70,000 government IDs among 521,000 age-verification tickets and shared stolen data samples, including emails, usernames, phone numbers, payment details, and MFA info. They allegedly used Zendesk integrations to run millions of API queries into Discord’s internal systems to retrieve additional user data.BleepingComputer reported that the attackers initially demanded $5M, later $3.5M, from Discord and negotiated privately until October 2. After Discord stopped the negotiation and went public, they threatened to leak the data.Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, data breach)