Zendesk, the customer support agency widespread with crypto buying and selling corporations, was hacked this week and the attackers are utilizing stolen private knowledge to bribe the messaging platform Discord.
Discord revealed final Friday that customers interacting with its help or belief and security groups could have been impacted by a breach concentrating on its third-party customer support supplier.
It claimed that hackers gained entry to “a small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination,” and will have accessed different private knowledge, from contact particulars to billing info.
Safety researcher VX Underground reported on Saturday that Zendesk was the compromised third celebration. Now, it says that the hackers obtained over 2 million age verification-related photographs and are extorting Discord with the photographs as leverage.
Chat, we’re cooked
Discord is being extorted by the individuals who compromised their Zendesk occasion
They have 1.5TB of age verification associated photographs. 2,185,151 photographs
tl;dr 2.1m Discord customers drivers license and/or passport is perhaps leaked. Unknown variety of e-mails
— vx-underground (@vxunderground) October 8, 2025
The breach reportedly occurred on September 20, 10 days earlier than Discord carried out a brand new arbitration settlement that robotically enrolls customers except they choose out by October 30.
Discord has already begun the method of notifying customers affected by the breach and is actively working with legislation enforcement to research.
Zendesk is widespread in crypto
Zendesk is a buyer help agency that makes use of AI brokers in its service with massive purchasers resembling Uber, Squarespace, and Shopify.
It’s additionally partnered with crypto exchanges BtcTurk, Coinjar, HTX, and Rain, stablecoin TrueUSD, funds agency Mercuryo, analytics big Arkham, and infrastructure supplier Prometheum.
Rain was hacked for over $14 million in crypto in April final yr, and BtcTurk suspended its withdrawals this August after dropping $49 million to hackers. It beforehand misplaced $55 million in 2024 from one other assault.
Leaked knowledge is commonly used to focus on customers with phishing scams, whereas authorities IDs can present criminals with a method to bypass know-your-customer checks with out having to make use of their very own ID.
