Discord has confirmed that customers who contacted its buyer help service have had their information stolen by hackers, who’ve tried to extort a ransom from the corporate.
Based on the vastly standard messaging platform which has greater than 200 million month-to-month customers, the hackers breached a third-party customer support supplier quite than getting access to Discord immediately.
Nonetheless, the safety incident has uncovered information associated to Discord’s customer support system, together with:
- Identify, Discord username, e mail and different contact particulars if offered to Discord buyer help
- Restricted billing info corresponding to fee kind, the final 4 digits of bank cards, and buy historical past if related to accounts
- IP addresses
- Messages with customer support brokers
- Restricted company information (coaching supplies, inner shows)
As well as, Discord needs that the hack has uncovered a “small quantity” of customers’ authorities ID pictures (corresponding to driving licenses and passports).
The hackers are believed to have struck on September 20, 2025, when the third-party customer support suppliers – which has not been named by Discord, however seems to be Zendesk – was breached.
The Scattered Lapsus$ Hunters (SLH) gang claimed duty on Telegram for its involvement within the assault. The hackers posted screenshots which allegedly proved their entry to Discord’s inner administration instruments, and taunted the corporate about their safety.
Based on Discord’s official assertion, the compromised info is restricted to customers who contacted its Buyer Assist or Belief & Security groups, and didn’t embrace the publicity of full bank card numbers or CCV codes, messages or exercise on Discord past what customers could have mentioned with buyer help, or customers’ passwords.
However there are apparent issues that customers will typically share delicate info and attachments with help groups that they might not wish to fall into the arms of malicious hackers.
The overall variety of affected Discord customers has not been made public. Impacted customers are being contacted by the corporate by way of e mail.
Discord has warned customers to be cautious of scammers trying to take advantage of the info breach, and has underlined that it’ll not contact affected customers in regards to the incident by telephone and can solely ship official communications from [email protected].
Clearly it is sensible for any Discord consumer to be extraordinarily cautious about any communication which arrives claiming to be associated to the breach, as it might be an try by hackers to steal extra particulars – corresponding to passwords.
Within the wake of the assault Discord has revoked the client help supplier’s entry to its ticketing system, engaged with exterior specialists and legislation enforcement, and launched an inner investigation.
Sadly for Discord this isn’t the primary time it has discovered its identify hitting the headlines attributable to a breach at a third-party customer support supplier.
In March 2023, Discord notified customers that e mail addresses, messages, and any attachments despatched with help tickets might have been uncovered to hackers.
The lesson for corporations studying about Discord’s newest hack? As soon as once more, third-party suppliers is usually a weak hyperlink in your safety chain. As organisations more and more depend on third-party service suppliers, the assault floor expands past their direct management. It is not nearly ensuring that your individual methods are safe, but in addition assessing the safety of your distributors, and asking your self if you’re sensible to belief their structure.
