Building a Security Team
October 14, 2025

Advisory: Discord / Zendesk Breach — Technical Takeaways for Security Teams

Cybrary
Cybrary
Share

TL;DR

  • Validate vendor-sideMFA and access controls.
  • Rotate servicecredentials; revoke stale tokens.
  • Purge or encryptsupport attachments containing PII.
  • Add detections forabnormal vendor logins and token reuse.
  • Incorporate this breach into upcomingsecurity-awareness and IR refresh cycles.

Discord has confirmed a data breach through its third-party support vendor,Zendesk, following a 58-hour compromise of a vendor support account.

The attackers (claiming to be Scattered Lapsus$ Hunters) accessed support-ticket data, including user emails, IPs, limited billing details, and uploaded government-ID images.

Discord disputes the attacker’s claim of 1.5 TB exfiltrated, stating roughly 70,000 users were affected. Its core infrastructure was not breached.

Primary sources:

What Security Teams Should Do

1. Vendor & SaaS Access Review

  • Audit service accounts connected to ticketing or CRM platforms (Zendesk, Salesforce, Freshdesk).
  • Enforce SSO + MFA for all vendor identities; revoke stale OAuth tokens.
  •  Rotate API keys, service credentials, and webhooks tied to external systems.
  • Review CASB/IAM logs for anomalous logins or off-network activity.

2.Data Handling & Retention

  • Search ticketing systems for stored attachments containing IDs or PII.
  • Implement automatic redaction and encrypted storage for uploaded files.
  • Verify vendor retention settings (e.g., Zendesk → Security → Data Retention).

3.Credential and Threat Monitoring

  • Hunt for reused vendor credentials or token replay in SIEM data:
event.type=login AND user.role="support" AND NOT src_ip in_corporate_range
  • Look for abnormal OAuth activity, impossible travel, or elevated session durations.
  • Monitor phishing attempts spoofing Discord or Zendesk (URLscan → https://urlscan.io/search/#discord).

4.Integrate the Case into Awareness and IR Training

  • Use this breach as alive case study in vendor-risk tabletop exercises.
  • Reinforce principles of least privilege and MFA fatigue defense.
  • Update security awareness content to include third-party credential hygiene and sensitive-data handling.

Ready to take the next step?

Ensure that your organization is prepared and ready to identify and mitigate security risks. Level up their skills with Cybrary's Security Awareness Training. Request a demo, today.

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Career Development
February 3, 2026

What is Pentesting? A Beginner's Guide to Ethical Hacking and Pentesters

Learn what pentesting is, what pentesters do, the tools and skills that matter, and how to start with hands-on practice and certs. Train with Cybrary.

Read More
Building a Security Team
February 3, 2026

How to Launch a Security Awareness Training Program in 90 Days

Launch a security awareness training program in 90 days with Cybrary - build habits, run phishing simulations, coach users, and track progress.

Read More
News & Events
January 25, 2026

A New Age in Cybersecurity: How Federal Cuts Are Already Changing Cybersecurity

Federal cyber cuts are reshaping cybersecurity. With CISA downsized and intel sharing reduced, orgs must go self-reliant, investing in skills, tools, and plans.

Read More
Building a Security Team
January 12, 2026

How to Build an Employee Cybersecurity Training Program That Actually Reduces Risk

Build employee cybersecurity training that reduces risk, not just checks boxes: role-based practice, ongoing micro-lessons, phishing sims, & measurable results.

Read More