⚠️ Security Alert
Discord users who submitted support tickets between January 2024 and September 2025 may have had their personal information exposed. Immediate action recommended for affected users.
Discord has disclosed a significant security breach affecting its user base after hackers successfully compromised a third-party customer service provider on September 20, 2025. The breach, attributed to the cybercriminal group "Scattered Lapsus$ Hunters," has exposed sensitive personal information of Discord users who interacted with customer support.
Timeline of the Breach
Initial breach occurs. Hackers gain unauthorized access to the third-party support system using sophisticated social engineering tactics.
Discord's security team detects unusual activity in the support ticket system and initiates an investigation.
Discord publicly discloses the breach and begins notifying affected users via email and in-app notifications.
Scattered Lapsus$ Hunters claim responsibility and demand ransom, threatening to release data publicly.
Scope of the Data Breach
The compromised third-party provider, reportedly Zendesk (though Discord has not officially confirmed the vendor's identity), stored extensive customer support data accumulated over nearly two years. The breach represents one of the most significant security incidents in Discord's 10-year history.
Compromised Information Includes:
Of particular concern is the exposure of approximately 70,000 government-issued identification documents that users submitted for age verification purposes. These documents include driver's licenses, passports, and national ID cards from various countries, representing a significant identity theft risk.
The Attack Vector
According to cybersecurity researchers familiar with the incident, the Scattered Lapsus$ Hunters group employed a sophisticated social engineering campaign to gain initial access. The attackers reportedly impersonated Discord employees in communications with the third-party provider's staff, eventually obtaining administrative credentials.
"This wasn't a technical vulnerability exploit – it was a human vulnerability exploit. The attackers demonstrated deep knowledge of both Discord's and the vendor's internal processes."
Once inside the system, the attackers maintained persistent access for approximately 8 days before detection, systematically exfiltrating data to external servers. The group's methods bear similarities to previous high-profile attacks on Okta, Microsoft, and Nvidia in 2024.
Discord's Response and Mitigation
Discord has taken swift action following the discovery of the breach. The company immediately revoked all access tokens for the compromised third-party provider and initiated a comprehensive security audit of all vendor relationships. Additional measures include:
• Implementation of enhanced multi-factor authentication requirements for all third-party vendors
• Deployment of advanced anomaly detection systems across support infrastructure
• Mandatory security training for all customer service partners
• Establishment of a dedicated incident response team for vendor-related security issues
Discord CEO Jason Citron addressed the community directly: "We take the security and privacy of our users extremely seriously. While no Discord systems were directly compromised, we accept full responsibility for this breach of trust and are taking comprehensive steps to prevent similar incidents."
Impact on Discord Users
The breach affects an estimated 2.3 million Discord users who submitted support tickets during the compromised period. Users who submitted government IDs for age verification face the highest risk, as this information could be used for identity theft, financial fraud, or targeted phishing campaigns.
Immediate Actions for Affected Users:
- Change your Discord password immediately, even if you haven't received a notification
- Enable two-factor authentication on your Discord account if not already active
- Monitor credit reports and consider placing a fraud alert with credit bureaus
- Be vigilant for phishing attempts using your exposed information
- Change passwords on any accounts using the same credentials as Discord
- Consider identity monitoring services if government ID was submitted
- Report any suspicious activity to Discord's security team immediately
Legal and Regulatory Implications
The breach has triggered investigations by data protection authorities in multiple jurisdictions, including the European Union's GDPR enforcement bodies and the U.S. Federal Trade Commission. Discord faces potential fines of up to 4% of annual global revenue under GDPR if found negligent in vendor security practices.
Class-action lawsuits have already been filed in California and New York, with plaintiffs seeking damages for the exposure of sensitive personal information. Legal experts predict this could result in settlements exceeding $100 million, depending on the final scope of affected users.
Industry-Wide Security Concerns
This incident highlights the growing risk of supply chain attacks in the technology sector. As companies increasingly rely on third-party vendors for critical services, each integration point becomes a potential vulnerability. The Discord breach serves as a stark reminder that security is only as strong as the weakest link in the vendor chain.
Security experts are calling for industry-wide adoption of zero-trust architecture and enhanced vendor risk management protocols. The incident has prompted other major platforms, including Slack, Teams, and Telegram, to announce immediate security audits of their own third-party relationships.
Looking Forward
Discord has committed to implementing a comprehensive security overhaul, including bringing more customer service operations in-house and establishing a $10 million bug bounty program focused on vendor security vulnerabilities. The company has also pledged to provide free identity monitoring services to all affected users for the next two years.
As the investigation continues, Discord users are urged to remain vigilant and take proactive steps to protect their digital identities. The full impact of this breach may not be apparent for months, as stolen data often surfaces on dark web marketplaces long after the initial incident.
This breach serves as a critical reminder that in our interconnected digital world, the security of our personal information depends not just on the platforms we trust, but on the entire ecosystem of services they rely upon.