Discord Zendesk breach highlights growing risk of third-party vendor access

**Executive Summary:** In October 2025, attackers abused legitimate credentials or sessions to access Discord’s third-party Zendesk support environment, exposing support tickets and identity verification documents for about 70,000 users while Discord reported its core authentication systems were not affected. The report assesses identity-theft and targeted-phishing risks, regulatory and reputational impacts, and recommends mitigations such as phishing-resistant MFA (FIDO2/WebAuthn), strict least-privilege access, vendor security assessments, data retention limits, behavioral monitoring, and third-party incident response playbooks.