Discord Confirms Data Breach After Cyberattack

Discord has confirmed a data breach that exposed sensitive information from tens of thousands of users — including government IDs — after hackers infiltrated one of its third-party customer service providers.

The breach, which occurred on September 20th, didn’t directly target Discord’s own systems but instead hit an unnamed external firm that helped handle customer support and age verification. Despite Discord not being directly hacked, around 70,000 users may have had personal data leaked as a result.

What Was Accessed?

The stolen data includes:

Full names and usernames
Email addresses and contact info
Messages exchanged with Discord’s support and Trust & Safety teams
IP addresses
Last four digits of linked credit cards and purchase histories
Government-issued ID cards like passports or driver’s licenses

Discord says the breach only affected users who had communicated with customer support. If you’ve never contacted their support teams, you’re in the clear.

Crucially, no full credit card numbers, passwords, or private messages within Discord servers were accessed. The attack didn’t touch users’ broader in-app conversations, only messages sent directly to support teams.

"We Will Not Reward Illegal Actions"

While some online users claim the breach was larger than reported, Discord has rejected that. A spokesperson said such claims are inaccurate and “part of an attempt to extort payment.” They added, “We will not reward those responsible for their illegal actions.”

The nature of the attack has not been officially confirmed, but BleepingComputer reports it may have been a ransomware operation, with attackers demanding payment in exchange for the stolen data.

What Discord Is Doing About It

As soon as the breach was discovered, Discord says it:

Revoked the third-party firm’s system access
Launched an internal investigation
Hired external cybersecurity experts
Informed law enforcement
Began contacting all affected users via email

If your government ID was among the compromised data, that will be specifically mentioned in the email from Discord. These messages are only sent from noreply@discord.com, and the company warns users not to trust any phone calls or messages claiming to be from them.

Breach Reignites Concerns Over Third-Party Data Sharing

The breach has reignited concerns around third-party data sharing, especially with platforms that handle ID verification and personal information. Though Discord has previously upped its security — especially around verifying ages to keep harmful content off the platform — this incident highlights how even those efforts carry risks if partners aren't fully secure.

The company says it will now "frequently audit [its] third-party systems" to ensure they meet security standards moving forward. For now, Discord users are advised to keep an eye out for emails from the platform — and stay alert to potential phishing attempts using leaked contact information.

If you received support from Discord recently, check your inbox. You’ll be contacted directly if your info was affected.