Discord Data Breach Exposes Users’ Personal Information and Documents

Discord has disclosed a data breach that compromised the personal information and identification documents of a limited number of users. The incident was traced back to a security breach at Zendesk, a third-party company providing customer support services for the platform.

In a statement published on October 3, 2025, Discord reported that an unauthorized actor gained access to its customer support ticket system, where confidential user data was stored. According to HackRead, the company clarified that its main infrastructure remained secure and that the attackers’ primary motive appeared to be financial extortion.

What Information Was Affected

The breach impacted users who had previously interacted with Discord’s Support or Trust & Safety teams. The exposed data includes:

• Full names, usernames, and email addresses

• Messages exchanged with support agents

• Limited billing information, such as payment methods and the last four digits of payment cards

• Identification documents like driver’s licenses and passports used for age verification

The inclusion of official ID documents among the stolen files increases the potential risk of identity theft. Discord has not disclosed how many users were affected but confirmed that all impacted individuals have been notified via email from noreply@discord.com.

There is no information yet on who was responsible for the attack or how long the unauthorized access lasted. Upon discovering the breach, Discord immediately revoked Zendesk’s access to internal systems, launched a forensic investigation with cybersecurity experts, and alerted relevant data protection authorities. The company stressed that passwords, private messages, and complete credit card details were not compromised but advised users to stay alert for phishing or suspicious communications.

Hacker Group Claims Responsibility

Although Discord has not officially identified the perpetrators, a hacker coalition calling itself Scattered LAPSUS$ Hunters has taken credit for the attack. The group, reportedly a merger of members from Scattered Spider, Lapsus$, and ShinyHunters, shared screenshots on Telegram allegedly showing access to Discord’s internal administrative and data privacy panels.

In their posts, the hackers mocked Discord’s security measures, including its use of Okta and Kolide for access management. They also claimed to possess additional undisclosed information and threatened to release it on their “Data Leak Site” (DLS), a platform used for publishing or selling stolen data.

Discord reminded users to be cautious of potential scams exploiting the breach and reiterated that the company will not contact anyone by phone regarding this issue.

Filed in Cellphones >Computers >Gaming. Read more about Discord and Privacy.