Discord has disclosed a data breach involving a third-party customer service provider, resulting in unauthorized access to support-related user data.
The incident affected users who had interacted with Discord’s Customer Support or Trust & Safety teams, but did not involve direct access to Discord’s core platform, user accounts, or private messages.
The breach was publicly disclosed by Discord yesterday following an internal investigation triggered by the detection of unauthorized access. The company reports that an external attacker compromised a third-party customer service vendor, gaining access to a limited subset of user information stored in Discord’s support systems. Discord has since revoked the vendor’s access, engaged a digital forensics firm, and notified law enforcement.
According to Discord’s incident notice, the attacker appears to have targeted the vendor specifically to exfiltrate user data and then attempted to extort the company for ransom. While the full extent of the compromise remains under investigation, Discord confirmed that the following categories of data may have been exposed:
- User names, Discord handles, and email addresses
- Contact details submitted through support tickets
- Limited billing metadata (e.g., payment method, last four digits of credit card, and purchase history)
- IP addresses
- Chat transcripts with customer service agents
- A small number of uploaded government-issued ID documents from users appealing age verification decisions
- Internal training materials and corporate presentations
Discord emphasizes that no full credit card numbers, CVV codes, passwords, or authentication data were compromised. Additionally, no user activity or messages outside of support interactions were accessed.
Founded in 2015, Discord is a widely used communication platform with over 150 million monthly active users, primarily serving online communities, gamers, and creators. The platform offers voice, video, and text chat capabilities, and has become a critical infrastructure for digital community management.
Although not specified in the announcement, the incident is believed to be tied to the Salesforce attack wave conducted by the Scattered LAPSUS$ Hunters threat group earlier this year.
The company reiterated that it will not communicate with users about the incident via phone and cautions users to remain vigilant against phishing or impersonation attempts. Those affected should be cautious about messages asking for further personal information, even if they appear to originate from Discord or customer support.
This is why I will never upload pics of my face or my ID to any service. They just cant keep it safe.