Discord has officially disclosed a data breach that exposed sensitive information after hackers compromised a third-party customer support provider. The attack, which took place on September 20, affected a limited number of users who had interacted with Discord’s customer support or Trust and Safety teams. However, the impact could be significant, given the nature of the stolen data.
The attackers managed to gain unauthorized access to the support system, stealing personally identifiable information (PII) such as real names, usernames, email addresses, and contact details. More concerning, the breach also exposed government-issued identification documents including driver’s licenses and passports for a subset of affected users. Hackers additionally accessed partial payment details, including purchase history and the last four digits of credit cards tied to accounts.
According to Discord’s security response team, immediate steps were taken once the attack was detected. The company revoked the provider’s access, launched an internal investigation, hired a leading forensics firm, and engaged law enforcement to mitigate the damage. A public notification has also been issued to all affected users, warning them to remain vigilant against identity theft and fraud attempts.
While Discord has not disclosed the name of the breached third-party provider, the hacker group Scattered Lapsus$ Hunters (SLH) has claimed responsibility. They alleged that the breach occurred via a Zendesk instance, which gave them access to support tickets, attachments, and even an internal Kolide access control list connected to Discord’s identity and access management system through Okta.
The attackers reportedly demanded a ransom in exchange for not leaking the stolen data. Security experts warn that if the data is released, it could be exploited in crypto-related scams and phishing campaigns, as Discord is a popular communication hub for blockchain communities, Web3 developers, and digital asset traders. Alon Gal, CTO at Hudson Rock, noted that the breach could provide investigators with valuable leads in tracing scammers who often rely on Discord to coordinate fraudulent activity.
The incident highlights a critical challenge for platforms like Discord: while they may invest heavily in their own security infrastructure, third-party vendors can still introduce vulnerabilities. Similar large-scale breaches, such as the recent compromise of Salesforce instances by the ShinyHunters group, show that supply-chain attacks remain a growing threat.
As of now, Discord has not revealed how many users were affected, and investigations are ongoing. The company urges users to monitor their accounts, enable multi-factor authentication (MFA), and remain cautious of unsolicited messages or requests.
Conclusion:
The Discord data breach serves as a stark reminder that even widely trusted platforms are vulnerable to supply-chain attacks. By targeting third-party providers, hackers bypass direct defenses and strike at the weakest link. For millions of users relying on Discord for communication, particularly in crypto and gaming communities, this incident underscores the need for stronger vendor security audits, stricter data-sharing policies, and user awareness about identity protection.
