Overview
- Discord reports an unauthorized actor compromised a customer support vendor on September 20, affecting a limited set of people who contacted Customer Support or Trust & Safety.
- Exposed information includes names, usernames, email addresses, contact details, IP addresses, support messages and attachments, purchase history, and partial billing data such as payment type and last four card digits.
- A small number of government ID images submitted for age‑verification appeals were accessed, while general private messages on the platform were not included.
- Discord says the actor attempted to extort a ransom and did not gain direct access to Discord’s core systems, with full credit card numbers and passwords unaffected.
- The company revoked the vendor’s access, engaged a forensics firm, notified data protection authorities, and is working with law enforcement; attribution and the provider’s identity remain undisclosed as a group calling itself Scattered Lapsus$ Hunters claims responsibility.