Discord has confirmed a data breach after hackers gained access to a third-party customer service system. The incident exposed personal and partial payment information of some users who interacted with Discord’s customer support and Trust and Safety teams.
The attack took place on September 20 and affected a limited number of users. According to Discord, the hackers managed to steal sensitive data, including names, email addresses, usernames, and even government-issued ID photos such as driver’s licenses and passports.
The company stated that the breach happened through a third-party customer service provider, which was compromised by attackers. Once Discord became aware of the situation, it immediately revoked the provider’s access, launched an internal investigation, and engaged a leading cybersecurity firm to assess the impact. Law enforcement agencies have also been notified.
“We took immediate action to isolate the support provider from our ticketing system and began an investigation,” said Discord in its official statement.
The attack was financially motivated. The hackers reportedly demanded a ransom from Discord in exchange for not leaking the stolen information.
The stolen data includes personally identifiable information (PII) such as real names, contact details, IP addresses, and messages exchanged with support agents. In some cases, hackers also accessed partial billing details like the type of payment used, the last four digits of credit cards, and purchase history.
Cybersecurity group VX-Underground noted that the stolen data represents “people’s entire identity,” making this breach particularly serious.
Alon Gal, CTO of threat intelligence company Hudson Rock, said that if the stolen database is leaked, it could help investigators uncover several crypto-related hacks and scams, since many cybercriminals use Discord as a communication hub.
A threat group called Scattered Lapsus$ Hunters (SLH) claimed responsibility for the attack. They even shared an image showing Discord’s Kolide access control list, which manages device trust and connects with Okta for multi-factor authentication.
SLH initially claimed they were behind the Zendesk breach that led to Discord’s data exposure. However, they later said it was carried out by another group they are familiar with.
Discord has not yet revealed the name of the third-party provider or how the hackers gained access to the system. The company is still investigating the incident and has not shared details on how many users were affected.
This breach follows a series of recent high-profile data leaks. Just last month, the ShinyHunters hacking group claimed to have stolen over 1.5 billion Salesforce records from 760 companies after exploiting stolen OAuth tokens. The same group also launched a data leak site listing dozens of corporate victims.
