Discord has confirmed that customers who contacted its buyer assist service have had their knowledge stolen by hackers, who’ve tried to extort a ransom from the corporate.
Based on the massively fashionable messaging platform which has greater than 200 million month-to-month customers, the hackers breached a third-party customer support supplier relatively than having access to Discord instantly.
Nonetheless, the safety incident has uncovered knowledge associated to Discord’s customer support system, together with:
- Identify, Discord username, e mail and different contact particulars if offered to Discord buyer assist
- Restricted billing info reminiscent of fee kind, the final 4 digits of bank cards, and buy historical past if related to accounts
- IP addresses
- Messages with customer support brokers
- Restricted company knowledge (coaching supplies, inside displays)
As well as, Discord desires that the hack has uncovered a “small quantity” of customers’ authorities ID photographs (reminiscent of driving licenses and passports).
The hackers are believed to have struck on September 20, 2025, when the third-party customer support suppliers – which has not been named by Discord, however seems to be Zendesk – was breached.
The Scattered Lapsus$ Hunters (SLH) gang claimed duty on Telegram for its involvement within the assault. The hackers posted screenshots which allegedly proved their entry to Discord’s inside administration instruments, and taunted the corporate about their safety.
Based on Discord’s official assertion, the compromised info is restricted to customers who contacted its Buyer Assist or Belief & Security groups, and didn’t embrace the publicity of full bank card numbers or CCV codes, messages or exercise on Discord past what customers could have mentioned with buyer assist, or customers’ passwords.
However there are apparent issues that customers will typically share delicate info and attachments with assist groups that they’d not wish to fall into the fingers of malicious hackers.
The full variety of affected Discord customers has not been made public. Impacted customers are being contacted by the corporate by way of e mail.
Discord has warned customers to be cautious of scammers making an attempt to take advantage of the information breach, and has underlined that it’ll not contact affected customers concerning the incident by telephone and can solely ship official communications from [email protected].
Clearly it is sensible for any Discord consumer to be extraordinarily cautious about any communication which arrives claiming to be associated to the breach, as it could be an try by hackers to steal extra particulars – reminiscent of passwords.
Within the wake of the assault Discord has revoked the shopper assist supplier’s entry to its ticketing system, engaged with exterior consultants and regulation enforcement, and launched an inside investigation.
Sadly for Discord this isn’t the primary time it has discovered its identify hitting the headlines on account of a breach at a third-party customer support supplier.
In March 2023, Discord notified customers that e mail addresses, messages, and any attachments despatched with assist tickets might have been uncovered to hackers.
The lesson for corporations studying about Discord’s newest hack? As soon as once more, third-party suppliers generally is a weak hyperlink in your safety chain. As organisations more and more depend on third-party service suppliers, the assault floor expands past their direct management. It isn’t nearly ensuring that your personal programs are safe, but in addition assessing the safety of your distributors, and asking your self in case you are smart to belief their structure.
