The chat platform Discord has confirmed a data breach that exposed user information after hackers compromised a third-party customer support provider. The incident is the latest in a series of breaches reported in 2025 affecting major companies, including Google, Allianz, Farmers, and Dior.
In a statement, Discord confirmed the breach occurred on September 20, 2025. The company clarified that the incident was not a direct attack on its own servers. Instead, attackers gained unauthorized access to 5CA, one of Discord’s third-party customer service providers. This allowed the attackers to view data belonging to users who had previously contacted Discord’s Customer Support or Trust & Safety teams.
Discord, an application used for text messages, voice chats, and video calls, has a monthly user base of over 200 million. While it is primarily used by gamers, its user base has expanded to include various other communities.
The exposed data includes Discord usernames, real names, email addresses, IP addresses, and the content of messages exchanged with customer service agents. Limited billing details, such as the payment type and the last four digits of credit card numbers, were also compromised.
For some users, government-issued ID images provided for age verification purposes were also part of the exposed data. Discord estimates that approximately 70,000 users globally had their government ID photos compromised in the attack.
The threat group known as Scattered Lapsus$ Hunters (SLH) has claimed responsibility for the attack. According to reports, the group attempted to use its access to demand a ransom from Discord. SLH has also claimed to be in possession of over a billion Salesforce records, for which it is reportedly demanding a separate ransom.
Discord publicly disclosed the breach on October 3, 2025, 13 days after the initial incident. The company’s response included terminating the third-party provider’s access to its systems, launching an internal investigation with a digital forensics team, and beginning the process of notifying affected users. Discord stated that all official communication regarding the breach will be sent from the email address noreply@discord.com and that it will not contact users by phone about this matter.
The company also specified that certain sensitive information was not exposed. This includes full credit-card numbers, CCV security codes, account passwords, and any user activity outside of conversations with customer support. Discord has notified the relevant data-protection authorities, is cooperating with law enforcement, and has begun an audit of its third-party vendors to enforce enhanced security and privacy standards.
Users who believe their details may have been exposed are advised to take several safety measures. Recommendations include enabling two-factor authentication, using strong and unique passwords for all accounts, and actively monitoring accounts for suspicious activity. Additionally, users should be cautious with unsolicited emails, messages, or links; use reputable antivirus software; keep devices and software updated; and consider a personal data removal service to reduce their digital footprint.




