Excerpt from Cybersecurity News Article, Published on October 09, 2025
Discord is at the center of a massive cybersecurity breach that has exposed sensitive user data through a compromised third-party customer service provider. The breach, which occurred on September 20, 2025, was orchestrated by the well-known cybercrime group Scattered Lapsus$ Hunters. This attack targeted customer support systems managed by Zendesk, leading to an extortion attempt and claims of 1.5 terabytes of stolen data, including over 2 million government-issued ID photos.
Discord has confirmed the breach but disputes the attackers’ estimated scale, reporting that approximately 70,000 users had their IDs exposed, rather than the more than 2 million claimed by Scattered Lapsus$ Hunters (SLH). The attackers gained entry by compromising a support agent’s credentials and maintained unauthorized access for 58 hours. Notably, Discord’s main servers remained unaffected, as only its outsourced ticketing system was breached.
The leaked data includes names, Discord usernames, email addresses, partial billing details, messages with support agents, and user IP addresses. What sets this incident apart is the exposure of government-issued identification images, such as driver’s licenses and passports, submitted by users challenging age-based restrictions on their accounts. The threat actors allege the breach affects 5.5 million users and involves 8.4 million support tickets, while Discord continues to investigate and has alerted users globally.
Discord’s swift response involved revoking the vendor’s access, terminating their partnership, and collaborating with law enforcement and data security agencies. The company assures users that passwords, full credit card numbers, and private messages outside support interactions remain secure. A notification email is being sent to affected accounts, explicitly stating whether an individual’s government ID was exposed. Importantly, Discord will only communicate about this incident via its verified support email.
This breach underscores the risk of supply chain attacks, where cybercriminals exploit weaker third-party links to infiltrate major platforms. As the situation evolves, the full risks to Discord users will depend on whether attackers publish the stolen data.