Discord has confirmed that customers who contacted its buyer assist service have had their information stolen by hackers, who’ve tried to extort a ransom from the corporate.
Based on the vastly in style messaging platform which has greater than 200 million month-to-month customers, the hackers breached a third-party customer support supplier relatively than getting access to Discord instantly.
Nonetheless, the safety incident has uncovered information associated to Discord’s customer support system, together with:
- Identify, Discord username, e mail and different contact particulars if offered to Discord buyer assist
- Restricted billing info corresponding to fee kind, the final 4 digits of bank cards, and buy historical past if related to accounts
- IP addresses
- Messages with customer support brokers
- Restricted company information (coaching supplies, inner displays)
As well as, Discord desires that the hack has uncovered a “small quantity” of customers’ authorities ID photos (corresponding to driving licenses and passports).
The hackers are believed to have struck on September 20, 2025, when the third-party customer support suppliers – which has not been named by Discord, however seems to be Zendesk – was breached.
The Scattered Lapsus$ Hunters (SLH) gang claimed accountability on Telegram for its involvement within the assault. The hackers posted screenshots which allegedly proved their entry to Discord’s inner administration instruments, and taunted the corporate about their safety.
Based on Discord’s official assertion, the compromised info is proscribed to customers who contacted its Buyer Help or Belief & Security groups, and didn’t embrace the publicity of full bank card numbers or CCV codes, messages or exercise on Discord past what customers could have mentioned with buyer assist, or customers’ passwords.
However there are apparent issues that customers will typically share delicate info and attachments with assist groups that they might not need to fall into the arms of malicious hackers.
The overall variety of affected Discord customers has not been made public. Impacted customers are being contacted by the corporate through e mail.
Discord has warned customers to be cautious of scammers trying to use the info breach, and has underlined that it’s going to not contact affected customers concerning the incident by cellphone and can solely ship official communications from [email protected].
Clearly it is smart for any Discord person to be extraordinarily cautious about any communication which arrives claiming to be associated to the breach, as it might be an try by hackers to steal extra particulars – corresponding to passwords.
Within the wake of the assault Discord has revoked the client assist supplier’s entry to its ticketing system, engaged with exterior specialists and legislation enforcement, and launched an inner investigation.
Sadly for Discord this isn’t the primary time it has discovered its identify hitting the headlines resulting from a breach at a third-party customer support supplier.
In March 2023, Discord notified customers that e mail addresses, messages, and any attachments despatched with assist tickets may have been uncovered to hackers.
The lesson for corporations studying about Discord’s newest hack? As soon as once more, third-party suppliers could be a weak hyperlink in your safety chain. As organisations more and more depend on third-party service suppliers, the assault floor expands past their direct management. It isn’t nearly ensuring that your individual techniques are safe, but in addition assessing the safety of your distributors, and asking your self in case you are smart to belief their structure.
