Overview

• An attacker compromised a third-party customer support provider, exposing data only from users who contacted Customer Support or Trust & Safety.
• Exposed information includes names, usernames, emails, contact and partial billing details, IP addresses, and support messages, plus a small number of government ID images used for age verification; passwords and full card numbers were not taken.
• Discord cut the vendor’s access, opened an internal probe with a forensics firm, notified law enforcement and data protection authorities, and is emailing affected users with guidance to watch for scams.
• The company says the attackers sought a ransom, with reports placing the intrusion on September 20 and linking it to a Zendesk instance and SLH claims on Telegram, which Discord has not confirmed.
• Regulators and researchers highlight heightened phishing and identity-theft risks from the leaked ID images and support content, and the total number of affected users remains undisclosed.