Discord, the favored communication platform identified for powering tens of millions of gaming and neighborhood servers, has confirmed a safety incident involving certainly one of its exterior customer support firms, which has resulted within the publicity of private info for a restricted variety of customers.
Discord issued an official replace on October 3, 2025, explaining that an attacker efficiently compromised the programs of a third-party customer support supplier (apparently Zendesk), gaining unauthorised entry to the assist agent’s ticket queue, the place delicate buyer information was saved. The corporate emphasised that its personal principal programs weren’t instantly breached. Investigators discovered the attacker’s major aim was to attempt to demand a monetary ransom from Discord.
What Data Was Stolen?
The uncovered information belongs solely to customers who had just lately contacted Discord’s Buyer Help or Belief & Security groups. This extremely delicate info contains:
- Names, Discord usernames, e mail addresses, and different contact particulars.
- The precise messages exchanged with customer support brokers.
- Restricted billing particulars, particularly the cost methodology and the final 4 digits of a bank card quantity.
Maybe essentially the most alarming element is that the attacker additionally gained entry to a small variety of government-issued ID photographs, comparable to driver’s licenses or passports, submitted by customers for age verification appeals. The publicity of those high-risk paperwork considerably will increase the hazard of id theft for the affected people.
Discord has emailed impacted customers from the official deal with ([email protected]). The amount of notifications has brought about concern among the many neighborhood, as involved customers on Reddit at the moment are asking if the e-mail they obtained about their information being affected is actual, highlighting the danger of opportunistic phishing makes an attempt.
Firm Takes Fast Motion
Upon discovering the breach, Discord instantly revoked the assist firm’s entry to its ticketing system. The corporate has launched an inside investigation, introduced in a number one laptop forensics agency to help with remediation, and is cooperating with legislation enforcement. Discord additionally confirmed that it has notified related information safety authorities.
Whereas Discord was clear on what information was taken, the corporate withheld important particulars relating to the assault’s scope, the title of the seller, the variety of affected customers, and the length of the breach.
Nonetheless, Discord has reassured customers that full bank card numbers, passwords, and basic non-public messages on the platform weren’t accessed. The corporate is advising all impacted customers to be cautious in opposition to any suspicious emails or communications, given the delicate nature of uncovered information.
Who’s Behind Discord Knowledge Breach?
Though on the time of writing, it stays unclear who’s behind the Discord information breach. Nevertheless, “Scattered Lapsus$ Hunters,” a coalition that mixes the techniques and branding of Scattered Spider, Lapsu$, and ShinyHunters, is taking accountability for the cyber assault.
The group has shared screenshots on Telegram that seem to indicate entry to Discord’s inside instruments, together with information privateness dashboards and administrative sources, alongside mocking messages aimed on the firm.
Of their posts, the hackers dismissed Discord’s safety measures, comparable to disabling Okta and Kolide logins, claiming these steps wouldn’t forestall additional intrusions. Additionally they revealed particulars just like the alleged inside community title “SLHM” and threatened to publish further stolen materials on their “Knowledge Leak Website” (DLS). The attackers additional taunted Discord by boasting about their monetary beneficial properties and suggesting that they had way more information than what had already been leaked.
What’s Knowledge Leak Website (DLS)?
DLS (Knowledge Leak Website), as reported by Hackread.com, is the public-facing platform created by Scattered LAPSUS$ Hunters to show alleged stolen information, one billion data claimed within the case of the Salesforce breach.
The location lists dozens of main organisations reportedly affected, and affords documentation and information on the market, framing the breach as each a menace and a negotiation platform. By doing so, DLS acts not simply as a leak archive however as a instrument of stress, forcing focused firms into the highlight and escalating visibility across the attackers’ calls for.
Discord and Cybersecurity
Though it is a third-party information breach, it does put Discord in scorching water once more. The platform was beforehand focused in July 2025 by menace actors impersonating the platform to distribute the Epsilon Purple ransomware, adopted by an August 2025 malware assault leveraging the Discord Content material Supply Community (CDN).
This newest breach can be a part of a sample displaying Discord’s ongoing battle to guard its platform from rising cybersecurity threats, whether or not they exploit third-party distributors or misuse key options for scams and malware distribution.
RELATED NEWS
- This Website is Promoting Billions of Non-public Messages of Discord Customers
- Discord.io Admits Knowledge Breach as Data of 760K Customers Bought On-line
- New Winos4.0 Malware Focusing on Home windows through Faux Gaming Apps
- Medusa Ransomware Claims Comcast Knowledge Breach, Calls for $1.2M
- Chess.com Hit by Knowledge Breach Linked to Third-Social gathering File Switch Device
