Overview

• The intrusion on September 20 stemmed from limited access to a third-party customer service system used by Discord.
• Impact was confined to a limited number of people who contacted Support or Trust & Safety.
• Exfiltrated records included names, usernames, emails, contact details, IP addresses, support messages and attachments, ID photos for a small subset, and payment metadata such as type and last four card digits.
• Discord says it launched an internal investigation, hired a forensic firm, and engaged law enforcement following revocation of the vendor’s access.
• BleepingComputer reports the attackers demanded a ransom to prevent a leak, while Discord has not disclosed the provider’s identity, the access vector, or how many users were affected.