Data Breach on Discord: Hackers Gain Access to IDs, Billing Information, and Support Chats
Discord acknowledges a third-party vendor data breach that exposed users’ names, email addresses, government-issued photo IDs, and restricted billing information of those who contacted customer service. Find out the entire risk.
Millions of gaming and community servers are powered by the well-known communication app Discord, which has disclosed a security breach involving one of its outside customer support organizations that exposed personal data for a small number of users.
On October 3, 2025, Discord released a formal statement stating that an attacker had successfully breached the networks of a third-party customer care provider (presumably Zendesk), obtaining unauthorized access to the support agent’s ticket queue, which contained sensitive user data. The business emphasized that there was no direct compromise of its primary systems. Investigators discovered that attempting to extract a monetary ransom from Discord was the attacker’s main objective.
What Information Was Stolen?
Only users who recently contacted Discord’s Customer Support or Trust & Safety teams are the owners of the disclosed data. This extremely private data consists of:
- Names, email addresses, Discord usernames, and additional contact information.
- The real communications with customer support representatives.
- Limited billing information, such as the credit card number’s last four digits and the payment method.
The fact that the attacker also obtained a limited quantity of government-issued ID photos, like passports or driver’s licenses, that users had submitted for age verification appeals, is possibly the most concerning aspect. The risk of identity theft for those impacted is greatly increased by the disclosure of these high-risk documents.
Affected individuals have received emails from Discord from the official address, [email protected]. The community is worried about the frequency of notifications, and Reddit users are now questioning whether the email they received about their data being impacted is authentic, underscoring the danger of opportunistic phishing efforts.
Email notification from Discord (source: Reddit)
Company Takes Quick Action
Discord instantly denied the support company access to its ticketing system after learning about the intrusion.The business is working with law enforcement, has started an internal inquiry, and has hired a top digital forensics company to help with cleanup. Additionally, Discord attests to having informed the appropriate data protection authorities.
Discord was transparent about the data that was stolen, but it omitted important information about the extent of the attack, the vendor’s name, the number of impacted users, and how long the breach lasted.
Users have been told by Discord, however, that passwords, complete credit card details, and general private communications on the platform were not accessed. Given the sensitive nature of the compromised data, the business is cautioning all affected consumers to be wary of any fraudulent emails or interactions.
Who’s Behind the Discord Data Breach?
However, as of this writing, the identity of the perpetrator of the Discord data breach is still unknown. However, the cyberattack is being claimed by “Scattered Lapsus$ Hunters,” a consortium that combines the strategies and branding of ShinyHunters, Lapsu$, and Scattered Spider.
Along with sarcastic remarks directed at the firm, the gang has posted screenshots on Telegram that seem to demonstrate access to Discord’s internal capabilities, such as administrative resources and data privacy dashboards.
The hackers disregarded Discord’s security measures, including blocking logins for Okta and Kolide, in their messages, arguing that they wouldn’t stop future invasions. Additionally, they disclosed information such as the purported internal network name “SLHM” and promised to post more stolen content on their “Data Leak Site” (DLS). By boasting about their financial gains and implying that they had significantly more data than what had previously been disclosed, the attackers further mocked Discord.
What’s Data Leak Site (DLS)?
According to Hackread.com, Scattered LAPSUS$ Hunters developed the public-facing platform known as DLS (Data Leak Site) to showcase purportedly stolen data, including one billion records purportedly compromised in the Salesforce hack.
The website presents the breach as a threat and a platform for negotiations, listing dozens of significant organizations that have purportedly been impacted and selling documents and files. By doing this, DLS serves as an instrument of pressure as well as a leak archive, bringing the targeted organizations into the public eye and increasing awareness of the demands of the attackers.
The leak site launched by Scattered LAPSUS$ Hunters
Discord and Cybersecurity
Despite being a third-party data leak, Discord is once again in serious water. Threat actors first targeted the platform in July 2025 by posing as the platform in order to spread the Epsilon Red ransomware. This was followed by a malware campaign in August 2025 that used the Discord Content Delivery Network (CDN).
This most recent hack also fits into a trend that demonstrates Discord’s continuous battle to defend its platform from emerging cybersecurity risks, such as those that take advantage of third-party suppliers or abuse important features to spread malware and commit scams.
About the Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
Read More:
Salesforce Infrastructures Suspected of Nearly 1 Billion-Record Data Theft
About Author
English