Discord confirms vendor breach exposed user IDs in ransom plot

In 2025, it feels like cybercriminals are winning while the world's biggest data hoarders are losing. One by one, global giants are admitting they've been breached, from tech powerhouses like Google to insurance leaders such as Allianz and Farmers and even luxury brands like Dior. The latest company to report a breach is Discord. The popular chat platform confirmed that hackers gained access to a third-party customer support provider, 5CA, exposing user data including names, email addresses, limited billing details and even government ID images.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.

MAJOR COMPANIES, INCLUDING GOOGLE AND DIOR, HIT BY MASSIVE SALESFORCE DATA BREACH

The company confirmed that the breach, which occurred on September 20, did not involve a direct attack on Discord's servers. Instead, attackers gained unauthorized access to 5CA, one of Discord's third-party customer service providers. This allowed them to view information from users who had reached out to Discord's Customer Support or Trust & Safety teams.

Discord is a chat app primarily used by gamers, but it has expanded to various other communities, enabling text messages, voice chats and video calls. Some even use it as a replacement for Slack. The platform currently has a monthly user base of over 200 million. The data exposed included Discord usernames, real names, emails, limited billing details such as payment type and the last four digits of credit cards, IP addresses and messages exchanged with customer service agents. In some cases, government ID images provided for age verification were also compromised. Discord estimates that around 70,000 users globally may have had government ID photos exposed.

Reports suggest the attackers attempted to use this access to demand a ransom from Discord. Bleeping Computer reported that the Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack earlier this month. This is the same group that claims to have access to over a billion Salesforce records and is demanding ransom for those as well.

JEEP AND CHRYSLER PARENT STELLANTIS CONFIRMS DATA BREACH

Discord disclosed the incident 13 days later, on October 3. Since then, it has cut off the third-party support provider's access, launched an internal investigation with a digital forensics team and started informing affected users. It also clarified that any communication about the breach will come only from noreply@discord.com and that it will never contact users by phone regarding this incident. The company added that some data remained safe: full credit card numbers, CCV codes, account passwords and activity outside of customer support conversations were not exposed.

Discord also stated that it has notified relevant data-protection authorities about the breach, is working closely with law enforcement and is auditing its third-party vendors to ensure they meet its enhanced security and privacy standards going forward.

A representative at Discord issued a statement, saying in part, "We want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions. All affected users globally have been contacted, and we continue to work closely with law enforcement, data protection authorities and external security experts. We've secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause."

If you think your details might have leaked in the Discord data breach, below are some steps you can take to stay protected.

Two-factor authentication (2FA) adds an extra verification step when logging in, making it much harder for attackers to access your account even if they have your password. Discord supports 2FA via authenticator apps or SMS. Once enabled, you'll receive a code each time you log in from a new device. This simple step can prevent account takeovers and gives you peace of mind.

The less information available about you, the harder it is for attackers to target you. Review what personal details you've shared online, and remove unnecessary data from websites and apps. A personal data removal service can help scrub your information from data broker sites, making it more difficult for attackers to connect the dots and launch identity theft or phishing attacks.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

Reusing passwords across platforms makes it easy for attackers to access multiple accounts if one password is compromised. A password manager can generate long, complex passwords and store them securely, so you don't have to remember them all. This not only protects your Discord account but also your email, banking and other online services.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords, and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

Even if you don't see immediate signs of compromise, attackers can try to exploit stolen data later. Regularly check your email and Discord login history for unusual sign-ins. Services like identity theft protection can scan the dark web for your credentials and alert you immediately if they appear, helping you react quickly before serious damage occurs.

Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

Phishing attacks often spike after breaches. Attackers may send messages that look like official notifications asking you to reset your password or provide personal information. Always verify the sender, avoid clicking unknown links, and never share sensitive info. Treat every unexpected message as suspicious, even if it appears to come from Discord or another trusted service.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com. 

Attackers often exploit outdated software and known vulnerabilities. Ensure your operating system, apps and antivirus software are current.

If the recent breaches are any indication, third-party services that companies rely on are often the weakest link in cybersecurity. Discord's steps to contain the situation are necessary, but they highlight a bigger problem. Many companies do not implement sufficient safeguards to protect sensitive user data. Weak oversight of third-party providers, delayed responses and inadequate security policies leave personal information exposed and vulnerable to attackers.

Should companies be held more accountable for breaches caused by third-party providers? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.