Discord confirmed a data breach originating from its third-party support provider, 5CA, which was compromised on September 20. The incident, disclosed by the company on October 3, exposed the personal information of users who had interacted with its customer service teams.
The 2025 security incident is one of several recent breaches affecting global companies, including Google, Allianz, Farmers, and Dior. Discord stated that the attack did not directly compromise its own internal servers. Instead, hackers gained unauthorized access to the systems of 5CA, a company contracted to provide customer service support. This access allowed the attackers to view information from users who had previously contacted either Discord’s Customer Support or its Trust & Safety teams for assistance.
Discord, a chat application with a monthly user base of over 200 million, is widely used by gamers but has expanded to host various other communities for text, voice, and video communication. The data exposed in the 5CA breach included a range of user information: Discord usernames, the real names of users, email addresses, and IP addresses. Limited billing details were also part of the compromised data, specifically the payment type used and the last four digits of associated credit cards. Additionally, the contents of messages exchanged between users and customer-service agents were accessed. For a specific subset of users, government ID images that had been submitted for age verification purposes were exposed. Discord estimates that approximately 70,000 users globally had their government-ID photos compromised.
The threat group known as Scattered Lapsus$ Hunters (SLH) claimed responsibility for the attack, according to a report from Bleeping Computer. The report also indicated that the attackers attempted to use their unauthorized access to demand a ransom payment from Discord. In a separate incident, the same group has claimed to have gained access to over a billion records from Salesforce, for which it is also reportedly demanding a ransom.
The company disclosed the breach publicly on October 3, which was 13 days after the initial intrusion on September 20. In response to the discovery, Discord immediately cut off 5CA’s access to its systems to prevent further unauthorized activity. The platform also initiated an internal investigation, engaging a digital-forensics team to analyze the scope and nature of the breach. Concurrently, Discord began the process of directly notifying affected users. The company specified that all official communications regarding this incident would be sent exclusively from the email address [email protected] and stated it would not contact users by telephone.
Discord further confirmed that several categories of sensitive information were not exposed in the incident. This unexposed information includes full credit-card numbers, CCV security codes, user account passwords, and any user activity or content outside of the specific conversations with customer-support agents. In addition to its internal response, the company has notified relevant data-protection authorities. It is also cooperating with law enforcement agencies investigating the matter. As a forward-looking measure, Discord is conducting an audit of all its third-party vendors to enforce its enhanced security and privacy standards.
For users concerned that their information may have been compromised, several protective measures are advised while the platform continues its investigation.
- Authentication and passwords: Enable two-factor authentication and use strong, unique passwords for all accounts.
- Account monitoring: Regularly monitor accounts for any suspicious activity.
- Communication and software: Be cautious with unsolicited emails, messages, or links, and use reputable antivirus software. Keep all devices and software up to date.
- Data privacy: Consider using a personal data removal service to scrub unnecessary information from the internet.