A third-party data breach at Discord has exposed the government-issued IDs of 70,000 users, highlighting the significant security risks associated with supply chain vulnerabilities and age verification processes. The incident has sparked extortion demands and raised concerns for Australian users.
Japan's largest brewer, Asahi Group Holdings, has confirmed a ransomware attack by the Qilin group, resulting in production shutdowns and the theft of 27GB of corporate data.
Oracle has issued an emergency patch for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite. The Clop ransomware group has been exploiting the flaw to steal executive data and launch widespread extortion campaigns affecting thousands of organisations globally.
A third-party data breach at Discord has exposed the government-issued IDs of 70,000 users, highlighting the significant security risks associated with supply chain vulnerabilities and age verification processes. The incident has sparked extortion demands and raised concerns for Australian users.
Cyber News Centre's cyber update for 10th October 2025: Discord has confirmed a significant data breach linked to a third-party customer support vendor, exposing sensitive user information, including government-issued identification documents.
Discord is a global communication platform used by more than 200 million people each month. The service, best known for its voice, video, and text chat functions, has a large user base across gaming and online communities.
The Update: In an update published on 8 October 2025, Discord confirmed that an unauthorised actor had compromised one of its external customer support providers, exposing the data of about 70 000 users. The attackers gained access to Discord’s Zendesk ticketing platform for 58 hours through a compromised support-agent account.
The exposed data includes government-issued ID images such as driver’s licences and passports, submitted by users for age-verification purposes, as well as names, email addresses, limited billing details, and the contents of customer support tickets.
Discord emphasised that its own systems were not compromised, explaining, “This was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Once we became aware of the attack, we took immediate steps to contain it, revoke the vendor’s access, and involve law enforcement.”
The attackers are reportedly attempting to extort Discord by threatening to release the stolen data, which they claim is larger in scope than Discord has confirmed.
Why It Matters: This breach underscores the mounting risk of supply-chain exposure in cybersecurity. Even when an organisation’s own defences are strong, vulnerabilities in third-party vendors can create dangerous entry points for attackers. The incident arrives as Australia prepares to implement stricter social-media age-verification requirements, raising concerns that such regulations could inadvertently generate new high-value targets for cybercriminals.
The exposure of identification documents presents a serious risk of identity theft and targeted phishing campaigns for affected users worldwide. The breach highlights the urgent need for organisations to audit the security posture of all external partners handling personal or biometric data.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Japan's largest brewer, Asahi Group Holdings, has confirmed a ransomware attack by the Qilin group, resulting in production shutdowns and the theft of 27GB of corporate data.
Oracle has issued an emergency patch for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite. The Clop ransomware group has been exploiting the flaw to steal executive data and launch widespread extortion campaigns affecting thousands of organisations globally.
The NSW Reconstruction Authority has confirmed a major data breach affecting 3,000 flood victims after a contractor uploaded sensitive personal and health information to ChatGPT. The breach, undisclosed for more than six months, raises serious concerns about security and transparency.
Security researchers have unmasked Phantom Taurus, a sophisticated Chinese state-sponsored hacking group. For over two years, the group has conducted covert espionage against government and telecommunications organisations worldwide using a custom, fileless malware suite called NET-STAR.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
