Discord has confirmed that customers who contacted its buyer assist service have had their information stolen by hackers, who’ve tried to extort a ransom from the corporate.
In line with the vastly common messaging platform which has greater than 200 million month-to-month customers, the hackers breached a third-party customer support supplier moderately than having access to Discord straight.
Nonetheless, the safety incident has uncovered information associated to Discord’s customer support system, together with:
- Title, Discord username, e mail and different contact particulars if supplied to Discord buyer assist
- Restricted billing data akin to cost sort, the final 4 digits of bank cards, and buy historical past if related to accounts
- IP addresses
- Messages with customer support brokers
- Restricted company information (coaching supplies, inside displays)
As well as, Discord desires that the hack has uncovered a “small quantity” of customers’ authorities ID photographs (akin to driving licenses and passports).
The hackers are believed to have struck on September 20, 2025, when the third-party customer support suppliers – which has not been named by Discord, however appears to be Zendesk – was breached.
The Scattered Lapsus$ Hunters (SLH) gang claimed accountability on Telegram for its involvement within the assault. The hackers posted screenshots which allegedly proved their entry to Discord’s inside administration instruments, and taunted the corporate about their safety.
In line with Discord’s official assertion, the compromised data is proscribed to customers who contacted its Buyer Help or Belief & Security groups, and didn’t embody the publicity of full bank card numbers or CCV codes, messages or exercise on Discord past what customers could have mentioned with buyer assist, or customers’ passwords.
However there are apparent considerations that customers will typically share delicate data and attachments with assist groups that they’d not need to fall into the fingers of malicious hackers.
The whole variety of affected Discord customers has not been made public. Impacted customers are being contacted by the corporate through e mail.
Discord has warned customers to be cautious of scammers making an attempt to use the info breach, and has underlined that it’s going to not contact affected customers in regards to the incident by cellphone and can solely ship official communications from [email protected].
Clearly it is smart for any Discord person to be extraordinarily cautious about any communication which arrives claiming to be associated to the breach, as it might be an try by hackers to steal extra particulars – akin to passwords.
Within the wake of the assault Discord has revoked the shopper assist supplier’s entry to its ticketing system, engaged with exterior consultants and regulation enforcement, and launched an inside investigation.
Sadly for Discord this isn’t the primary time it has discovered its title hitting the headlines as a consequence of a breach at a third-party customer support supplier.
In March 2023, Discord notified customers that e mail addresses, messages, and any attachments despatched with assist tickets may have been uncovered to hackers.
The lesson for corporations studying about Discord’s newest hack? As soon as once more, third-party suppliers is usually a weak hyperlink in your safety chain. As organisations more and more depend on third-party service suppliers, the assault floor expands past their direct management. It isn’t nearly ensuring that your personal techniques are safe, but additionally assessing the safety of your distributors, and asking your self if you’re clever to belief their structure.
