Overview

• Discord says a September 20 intrusion into a third-party customer service system exposed data for a limited set of people who contacted Customer Support or Trust & Safety.
• Exposed information includes names, usernames, emails, contact details, IP addresses, and support messages with attachments, plus partial billing data such as payment type and the last four credit card digits.
• A small number of government ID images submitted for age verification were accessed, and email notices specify if an individual’s ID was involved.
• Discord says full card numbers, CVVs, passwords, authentication data, physical addresses, and messages outside support interactions were not accessed.
• The company revoked the vendor’s ticketing access and engaged a forensics firm and law enforcement, while declining to name the provider or user count as a group calling itself Scattered Lapsus$ Hunters posts unverified claims of a Zendesk breach.