Overview

• Only users who contacted Customer Support or Trust & Safety were affected after a support vendor was compromised, not Discord’s own systems.
• Exposed information includes names, emails, usernames, contact details, IP addresses, limited billing data such as payment type and last four card digits, and messages and attachments sent to support.
• Discord says a small number of government ID images submitted for age appeals were accessed, while passwords, full card numbers, CVVs, and general platform activity were not.
• The company revoked the vendor’s access, hired a leading forensics firm, notified law enforcement, and is warning recipients of its emails to watch for phishing and to expect no phone calls about the incident.
• The number of impacted users remains undisclosed, and Discord has not confirmed the vendor or attacker attribution, although outside researchers point to a September 20 incident linked to a widely used support platform.