Discord, the popular communication platform known for powering millions of gaming and community servers, has confirmed a security incident involving one of its outside customer service companies, which has resulted in the exposure of personal information for a limited number of users.
Discord issued an official update on October 3, 2025, explaining that an attacker successfully compromised the systems of a third-party customer service provider (apparently Zendesk), gaining unauthorised access to the support agent’s ticket queue, where sensitive customer data was stored. The company emphasised that its own main systems were not directly breached. Investigators found the attacker’s primary goal was to try to demand a financial ransom from Discord.
What Information Was Stolen?
The exposed data belongs only to users who had recently contacted Discord’s Customer Support or Trust & Safety teams. This highly sensitive information includes:
- Names, Discord usernames, email addresses, and other contact details.
- The actual messages exchanged with customer service agents.
- Limited billing details, specifically the payment method and the last four digits of a credit card number.
Perhaps the most alarming detail is that the attacker also gained access to a small number of government-issued ID images, such as driver’s licenses or passports, submitted by users for age verification appeals. The exposure of these high-risk documents significantly increases the danger of identity theft for the affected individuals.
Discord has emailed impacted users from the official address ([email protected]). The volume of notifications has caused concern among the community: users on Reddit are now asking whether the email they received about their data being affected is real, highlighting the risk of opportunistic phishing attempts.
Company Takes Quick Action
Upon discovering the breach, Discord immediately revoked the support company’s access to its ticketing system. The company has launched an internal investigation, brought in a leading computer forensics firm to assist with remediation, and is cooperating with law enforcement. Discord also confirmed that it has notified relevant data protection authorities.
While Discord was clear on what data was taken, the company withheld critical details regarding the attack’s scope, the name of the vendor, the number of affected users, and the duration of the breach.
Nevertheless, Discord has reassured users that full credit card numbers, passwords, and general private messages on the platform were not accessed. The company is advising all impacted users to be cautious of any suspicious emails or communications, given the sensitive nature of the exposed data.
Who’s Behind Discord Data Breach?
At the time of writing, it remains unclear who is behind the Discord data breach. However, “Scattered Lapsus$ Hunters,” a coalition that combines the tactics and branding of Scattered Spider, Lapsus$, and ShinyHunters, is taking responsibility for the cyber attack.
The group has shared screenshots on Telegram that appear to show access to Discord’s internal tools, including data privacy dashboards and administrative resources, alongside mocking messages aimed at the company.

In their posts, the hackers dismissed Discord’s security measures, such as disabling Okta and Kolide logins, claiming these steps would not prevent further intrusions. They also revealed details like the alleged internal network name “SLHM” and threatened to publish additional stolen material on their “Data Leak Site” (DLS). The attackers further taunted Discord by boasting about their financial gains and suggesting they had far more data than what had already been leaked.
What’s Data Leak Site (DLS)?
DLS (Data Leak Site), as reported by Hackread.com, is the public-facing platform created by Scattered LAPSUS$ Hunters to display allegedly stolen data, with one billion records claimed in the case of the Salesforce breach.
The site lists dozens of major organisations reportedly affected, and offers documentation and files for sale, framing the breach as both a threat and a negotiation platform. By doing so, DLS acts not just as a leak archive but as a tool of pressure, forcing targeted companies into the spotlight and escalating visibility around the attackers’ demands.

Discord and Cybersecurity
Although this is a third-party data breach, it does put Discord in hot water again. The platform was previously targeted in July 2025 by threat actors impersonating the platform to distribute the Epsilon Red ransomware, followed by an August 2025 malware attack leveraging the Discord Content Delivery Network (CDN).
This latest breach is also part of a pattern showing Discord’s ongoing struggle to protect its platform from growing cybersecurity threats, whether they exploit third-party vendors or misuse key features for scams and malware distribution.