Discord Confirms Data Breach Exposing User Information

Discord, a leading communication platform widely used by gamers and community groups, has reported a significant data breach affecting a small number of users. On October 3, 2025, the company confirmed that an attacker compromised the systems of a third-party customer service provider, believed to be Zendesk. This breach allowed unauthorized access to sensitive customer data, although Discord clarified that its main systems were not directly affected.

The attacker accessed the support agent’s ticket queue, where personal information was stored. The compromised data includes users’ names, Discord usernames, email addresses, and limited billing details, such as the last four digits of credit card numbers. Even more concerning, the breach involved a small number of government-issued ID images, like driver’s licenses and passports, submitted for age verification purposes. This exposure raises serious concerns about potential identity theft for affected individuals.

Discord has proactively contacted impacted users from its official email address, [email protected]. However, the volume of notifications has led to confusion and concern among users, with many on Reddit questioning the authenticity of the emails they received and fearing phishing attempts.

Immediate Response and Ongoing Investigation

Following the discovery of the breach, Discord took swift action by revoking the support company’s access to its ticketing system. The company has initiated an internal investigation and enlisted the help of a leading computer forensics firm to assess the situation. Additionally, Discord is cooperating with law enforcement and has notified relevant data protection authorities.

While Discord provided clarity on the type of data exposed, it withheld details regarding the breach’s scope, the number of users affected, and the duration of the incident. The company reassured users that full credit card numbers, passwords, and private messages on the platform were not compromised. Nonetheless, Discord is urging all impacted users to exercise caution regarding any suspicious emails or communications due to the sensitive nature of the exposed information.

Attribution of the Breach

As of now, it remains unclear who exactly is behind this data breach. However, a group named Scattered Lapsus$ Hunters claims responsibility for the attack. This group combines tactics from various cybercriminal organizations, including Lapsu$ and ShinyHunters. They have shared screenshots on Telegram that purportedly show access to Discord’s internal tools, including data privacy dashboards.

In their posts, the hackers mocked Discord’s security measures, suggesting that disabling certain logins would not prevent further intrusions. They also threatened to release additional stolen material on their platform, known as the Data Leak Site (DLS), which they claim showcases extensive stolen data from various organizations.

DLS serves not only as a repository for leaked data but also as a pressure tool, presenting a negotiation platform for attackers demanding financial compensation from targeted companies. This incident adds to Discord’s growing list of security challenges, following a series of incidents in the past year, including cyberattacks using the platform as a vector for ransomware.

As Discord navigates the fallout from this breach, the company’s ongoing struggle with cybersecurity threats highlights the challenges faced by digital communication platforms in safeguarding user information.