02.10.2025
2 min
641
Discord has confirmed a security incident in which hackers gained access to users’ personal data through a third-party support provider. The company believes the primary purpose of the attack was to extort money.
The incident affected users who contacted Discord’s support team or Trust & Safety team. As a result of the compromise, the attackers could have obtained names, email addresses, Discord usernames, IP addresses, history of messages with support, and partial payment data — payment method type, last four digits of the card, purchase history.
Separately, it is noted that a small number of users who sent documents to verify age lost copies of passports or driver’s licenses. Discord emphasizes: passwords, full payment information, or private messages in chats were not stolen.
Hackers, calling themselves Scattered Lapsus$ Hunters (SLH), said they gained access to Zendesk, the platform that Discord uses to handle customer requests. After discovering the incident, the company immediately disabled access to the compromised provider, notified law enforcement and data protection regulators. Discord has also increased security checks on third-party contractors and monitoring systems. Users are urged to be vigilant for suspicious emails and phishing messages. All affected people will receive official notifications to [email protected], without calls or contact through other channels.
This incident has once again shown that even large digital platforms can fall victim to weak links in the chain of contractors. It is important for users not only to change their passwords, but also to be careful about any requests for personal information. For companies, it is a reminder of the need to monitor the security of third parties that have access to critical systems.
