Discord says customer service provider hack exposed user IDs, support chats


Discord has confirmed that hackers compromised one of its third-party customer service providers, accessing the personally identifiable data of some users.

The data belongs to people who had contacted Discord through its Customer Support and/or Trust & Safety teams. The company believes that the goal behind the hack was to “extort a financial ransom from Discord.”

Once Discord became aware of the situation, it revoked the provider’s access to its ticketing system and engaged with law enforcement.

Yet malicious actors managed to access a trove of personal data, including a small number of government‑ID images from passports or driver's licenses, in cases where a user had previously contacted Discord to appeal an age determination. According to Discord, other data includes:

  • Name, Discord username, email, and other contact details if provided to Discord customer support
  • Limited billing information, such as payment type, the last four digits of your credit card, and purchase history, if associated with your account
  • IP addresses
  • Messages with its customer service agents
  • Limited corporate data (training materials, internal presentations)

However, the company says that credit card numbers, passwords, and messages or activity on Discord beyond user communication with support were not stolen.

It is not yet clear how many users were impacted or which third-party provider was breached. However, we already have a potential threat actor behind the hack – the Scattered Lapsus$ Hunters (SLH) claimed the attack, saying that they hacked a Zendesk instance used by Discord for customer support, according to Bleeping Computer.

The company has notified data protection authorities and is working with law enforcement. It has also reviewed its threat detection systems and security controls for third-party support providers.

Users are advised to stay vigilant for unsolicited messages and suspicious communications.

All impacted users will receive an email notification from Discord – the company says it will not contact you via phone, but will use a special email address at [email protected].

Earlier in August, malicious actors claimed they had access to billions of Discord user messages and a trove of voice sessions, files, and user profiles, obtained via scraping.