Particle.news

Download on the App Store

Discord Says Third-Party Support Breach Exposed Some User Data, Including ID Images

The company is notifying affected users, with no passwords or full credit card numbers reported exposed.

Overview

  • Discord reports an unauthorized actor compromised a customer support vendor on September 20, affecting a limited set of people who contacted Customer Support or Trust & Safety.
  • Exposed information includes names, usernames, email addresses, contact details, IP addresses, support messages and attachments, purchase history, and partial billing data such as payment type and last four card digits.
  • A small number of government ID images submitted for age‑verification appeals were accessed, while general private messages on the platform were not included.
  • Discord says the actor attempted to extort a ransom and did not gain direct access to Discord’s core systems, with full credit card numbers and passwords unaffected.
  • The company revoked the vendor’s access, engaged a forensics firm, notified data protection authorities, and is working with law enforcement; attribution and the provider’s identity remain undisclosed as a group calling itself Scattered Lapsus$ Hunters claims responsibility.