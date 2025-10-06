Discord suffers ransomware breach via a third-party support vendor, exposing limited user and corporate data

Stolen data includes names, emails, billing info, IPs, and some government IDs; passwords remained secure

Impacted users will be contacted by email; internal investigation and police notification are underway

Discord has warned users it suffered a cyberattack which caused a potentially worrying data breach.

In a data breach notification announcement posted on the company’s blog, Discord said a third party, providing customer support services, was breached.

“The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams,” Discord said.

Payment data secure

The identity of the attackers was not disclosed, but BleepingComputer reports that this was a ransomware attack, and that the threat actors demanded payment in exchange for the stolen files.

They managed to obtain people’s names, Discord usernames, emails, and other contact details the customers gave Discord customer support. Furthermore, limited billing information (last four digits of credit cards, purchase history), as well as IP addresses, were also accessed, and so were messages exchanged with customer service agents.

The hackers also took limited corporate data (training materials, internal presentations), and a “small number” of government-issued ID cards.

“If your ID may have been accessed, that will be specified in the email you receive,” Discord added in the announcement, noting the breach happened on September 20, 2025

Payment data should be fine, as the company said full credit card numbers, as well as CVV codes, were not accessed. Messages, or other Discord activity - beyond what was shared with customer support - was left intact, as well. Passwords and other authentication data was not compromised, either.

“We are in the process of contacting impacted users. If you were impacted, you will receive an email from noreply@discord.com,” the company concluded. “We will not contact you about this incident via phone – official Discord communications channels are limited to emails from noreply@discord.com.”

An internal investigation was already launched, and a third-party forensics expert engaged. The police have been notified, as well.

