- Discord suffers ransomware breach via a third-party support vendor, exposing limited user and corporate data
- Stolen data includes names, emails, billing info, IPs, and some government IDs; passwords remained secure
- Impacted users will be contacted by email; internal investigation and police notification are underway
Discord has warned users it suffered a cyberattack which caused a potentially worrying data breach.
In a data breach notification announcement posted on the company’s blog, Discord said a third party, providing customer support services, was breached.
“The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams,” Discord said.
Payment data secure
The identity of the attackers was not disclosed, but BleepingComputer reports that this was a ransomware attack, and that the threat actors demanded payment in exchange for the stolen files.
They managed to obtain people’s names, Discord usernames, emails, and other contact details the customers gave Discord customer support. Furthermore, limited billing information (last four digits of credit cards, purchase history), as well as IP addresses, were also accessed, and so were messages exchanged with customer service agents.
The hackers also took limited corporate data (training materials, internal presentations), and a “small number” of government-issued ID cards.
“If your ID may have been accessed, that will be specified in the email you receive,” Discord added in the announcement, noting the breach happened on September 20, 2025
Payment data should be fine, as the company said full credit card numbers, as well as CVV codes, were not accessed. Messages, or other Discord activity - beyond what was shared with customer support - was left intact, as well. Passwords and other authentication data was not compromised, either.
“We are in the process of contacting impacted users. If you were impacted, you will receive an email from [email protected],” the company concluded. “We will not contact you about this incident via phone – official Discord communications channels are limited to emails from [email protected].”
An internal investigation was already launched, and a third-party forensics expert engaged. The police have been notified, as well.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
- Discord hackers claim to have leaked billions of messages as millions of users targeted - here's what we know
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
English (US) ·