When did the Discord data breach occur?

The third-party customer service provider was compromised on September 20, 2025.

What data was exposed in the Discord breach?

The exposed data includes names, Discord usernames, email addresses and other contact details provided to customer support, last four digits of credit card numbers, payment types and purchase history, IP addresses, messages exchanged with customer service agents, limited corporate data including training materials and internal presentations, and government-issued ID images (driver's licenses, passports) from a small number of users who had appealed age determination decisions.

Were Discord's internal systems compromised?

No, Discord's internal systems were not compromised. The breach occurred at one of Discord's third-party customer service providers. Discord revoked the compromised service provider's access to its ticketing system following the incident.

How many Discord users were affected by the breach?

The number of affected individuals has not been disclosed. Discord only stated that a limited number of users who had previously contacted Discord through Customer Support or Trust & Safety teams were impacted.

Were full credit card numbers exposed in the Discord breach?

No, only the last four digits of credit card numbers were exposed in the breach, along with payment types and purchase history. Full payment data was not breached according to Discord.

Were government-issued IDs exposed in the Discord breach?

Yes, government-issued ID images including driver's licenses and passports from a small number of users who had appealed age determination decisions were exposed. Users whose government ID images may have been accessed received specific notification in their individual emails.

Did the attackers demand ransom from Discord?

Yes, the attackers attempted to extort a financial ransom from Discord following the breach of the third-party customer service provider.

How can I verify legitimate Discord communications about the breach?

All official communications about this incident come from the verified email address noreply@discord.com. Discord will not contact users about this incident by phone. Users should be cautious of any other communication methods claiming to be from Discord regarding this breach.

Who was affected by the Discord data breach?

The breach impacted a limited number of users who had previously contacted Discord through the company's Customer Support or Trust & Safety teams. Only users who had submitted support tickets or interacted with these teams were potentially affected.

Incident

Discord reports breach at third-party customer service provider exposing user information

Q: Were Discord messages compromised in the breach?

Discord claims that messages or activities on Discord beyond what users had discussed with Customer Support or Trust & Safety agents were not breached. Only messages exchanged with customer service agents were potentially exposed.

published: Oct. 3, 2025

Learn More

Discord reports a security incident in which one of its third-party customer service providers was compromised on September 20, 2025. The breach impacted a limited number of users who had previously contacted Discord through the company's Customer Support or Trust & Safety teams.

The attackers attempted to extort a financial ransom from Discord. Discord revoked the compromised service provider's access to its ticketing system, launched an investigation and is working with law enforcement authorities. The exposed data includes:

Names
Discord usernames
Email addresses and other contact details provided to customer support
Last four digits of credit card numbers
Payment types and purchase history
IP addresses
Messages exchanged with customer service agents
Limited corporate data including training materials and internal presentations
Government-issued ID images (driver's licenses, passports) from a small number of users who had appealed age determination decisions

Discord claims that payment data and messages or activities on Discord beyond what users had discussed with Customer Support or Trust & Safety agents were not breached.

The number of affected individuals has not been disclosed. The company only stated that a "limited number of users" were impacted.

Affected users are receiving email notifications from noreply@discord.com on October 3, 2025. Discord has advised that the company will not contact users about this incident by phone, and all official communications are limited to emails from the verified address. Users whose government ID images may have been accessed received specific notification in their individual emails.

Update - as of 8th of October 2025, Discord reports that of the total number of impacted accounts, approximately 70,000 users may have had government-ID photos exposed. The total number of affected individuals is still not disclosed.

The attackers claim significantly higher figures including 2.1 million government IDs and data from 8.4 million support tickets and allege they stole 1.6 TB of data affecting 5.5 million users through a compromised support agent account. Discord contests the threat actors' inflated numbers as part of an extortion attempt.

As of 14th of October 2025, the third party support company 5CA has denied responsibility for the data breach of Discord. They state that their systems were not compromised and preliminary forensic investigation indicates the incident occurred outside their infrastructure, potentially due to human error. The company maintains that all security controls (access controls, encryption, and monitoring) remain fully operational with no evidence of impact on other clients or systems.

Discord reports breach at third-party customer service provider exposing user information

Read More
Millions of patients of Mexican hospitals exposed through …
Fidelity reports third party breach caused by Infosys …
Medibase Group reports data breach exposing Staten Island …
4chan forum hacked, taken offline
Gaming developer Arc System Works reports hack, data …