Discord has revealed it has been targeted by a ransomware actor who has accessed customer data, including proof of age ID and billing information.
The incident was caused by the compromise of a third-party customer service provider, which has not been named.
“An unauthorized party targeted our third-party customer support services to access user data, with a view to extort a financial ransom from Discord,” the social platform wrote in a post on October 3.
The data breach impacts a limited number of customers who had contacted Discord through its customer support and/or trust and safety teams.
Information potentially compromised includes customer names, Discord account usernames, email and other contact details.
Limited billing details, such as payment type and the last four digits of credit cards were also impacted.
Other potentially affected data includes user IP addresses, messages exchanged with customer service agents and a small number of government ID images from users who had appealed an age determination.
Corporate data, such as training materials and internal presentations were accessed by the hackers.
The company is in the process of contacting impacted users via email from noreply@discord.com. It has told customers that no other communication channels will be used for this purpose, such as phone calls.
No figure has been given on the total number of users impacted by the breach. Discord has more than 200 million active users per month globally.
Discord said that full credit card numbers or CVV codes were not included in the data accessed. No password or authentication data was compromised.
Additionally, no messages or activity on Discord outside of communication with customer support were obtained by the attackers.
Law enforcement and relevant data protection authorities have been notified about the incident.
Another High-Profile Third-Party Attack
Discord said it took immediate action to mitigate the attack upon detection, including revoking the customer support provider’s access to its ticketing system.
The platform added that it has reviewed its security controls for third-party support providers.
Jake Moore, global cybersecurity advisor at ESET, commented: “This is a worrying breach, especially as it seems to have come through a trusted third-party rather than Discord itself. Third party weaknesses are often harder to monitor and control yet they still hold sensitive information and are becoming an increasingly common target for cybercriminals.”
The Discord incident follows a plethora of data breaches resulting from the compromise of third-party IT service providers in 2025. Groups such as Scattered Spider and ShinyHunters have been linked to a number of these attacks, which use social engineering techniques to obtain credentials of high-profile users.
Image credit: rafastockbr / Shutterstock.com
