Overview

• The company confirms a third-party customer support provider was compromised, exposing data from users who contacted Customer Support or Trust & Safety.
• Exposed information includes names, usernames, emails, contact details, IP addresses, limited billing metadata such as payment type and last four card digits, and messages or attachments with agents, with a small number of government ID images also affected.
• Discord says no passwords, authentication data, full payment card numbers, or general Discord activity were accessed.
• The company revoked the vendor’s access, opened an internal investigation with a forensics firm, notified law enforcement, and is emailing potentially affected users with advice to watch for scams.
• The total affected remains undisclosed; external researchers point to a September 20 intrusion and have suggested links to Zendesk and a group boasting on Telegram, which Discord has not confirmed.