Zendesk, the customer support agency fashionable with crypto buying and selling firms, was hacked this week and the attackers are utilizing stolen private knowledge to bribe the messaging platform Discord.
Discord revealed final Friday that customers interacting with its assist or belief and security groups might have been impacted by a breach concentrating on its third-party customer support supplier.
It claimed that hackers gained entry to “a small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination,” and will have accessed different private knowledge, from contact particulars to billing info.
Safety researcher VX Underground reported on Saturday that Zendesk was the compromised third occasion. Now, it says that the hackers obtained over 2 million age verification-related pictures and are extorting Discord with the pictures as leverage.
Chat, we’re cooked
Discord is being extorted by the individuals who compromised their Zendesk occasion
They have 1.5TB of age verification associated pictures. 2,185,151 pictures
tl;dr 2.1m Discord customers drivers license and/or passport is perhaps leaked. Unknown variety of e-mails
— vx-underground (@vxunderground) October 8, 2025
The breach reportedly occurred on September 20, 10 days earlier than Discord carried out a brand new arbitration settlement that mechanically enrolls customers except they choose out by October 30.
Discord has already begun the method of notifying customers affected by the breach and is actively working with legislation enforcement to analyze.
Zendesk is fashionable in crypto
Zendesk is a buyer assist agency that makes use of AI brokers in its service with giant shoppers akin to Uber, Squarespace, and Shopify.
It’s additionally partnered with crypto exchanges BtcTurk, Coinjar, HTX, and Rain, stablecoin TrueUSD, funds agency Mercuryo, analytics large Arkham, and infrastructure supplier Prometheum.
Rain was hacked for over $14 million in crypto in April final yr, and BtcTurk suspended its withdrawals this August after shedding $49 million to hackers. It beforehand misplaced $55 million in 2024 from one other assault.
Leaked knowledge is commonly used to focus on customers with phishing scams, whereas authorities IDs can present criminals with a way to bypass know-your-customer checks with out having to make use of their very own ID.
