Hackers stole payment information and personal data (including real names and identity documents) of some Discord users. The attack occurred on September 20, 2025 and is linked to the compromise of a third-party provider that supplies the company with customer support services.
Discord representatives publicly reported the incident and said they immediately took all necessary steps to isolate the compromised vendor from their ticketing system and launched an investigation.
According to the company, the leak affected “a limited number of users” who interacted with Discord Support or the Trust & Safety team.
“The measures taken included revoking the customer support vendor’s access to our ticketing system, initiating an internal investigation, engaging a leading digital forensics firm to support our investigation and remediation efforts, and contacting law enforcement,” Discord representatives said.
Among the compromised data were:
- users’ real names and nicknames;
- email addresses and other contact information provided to support staff;
- IP addresses, messages, and attachments sent to support;
- partial payment information (payment type, the last four digits of the bank card number, and purchase history associated with the compromised account).
Worse still, the hackers gained access to photos of identity documents (driver’s licenses, passports, and so on) for a small number of users who had submitted documents to verify their age.
At present, the exact number of affected Discord users is unknown, as is the name of the third-party provider that was impacted by the attack.
According to Bleeping Computer, citing its own sources, hackers breached Zendesk, which allowed them to steal Discord users’ data.
The Scattered Lapsus$ Hunters group (an alliance of members from the Scattered Spider, LAPSUS$, and Shiny Hunters hacking groups) has already confirmed its involvement in this attack. The hackers published screenshots showing Kolide’s access control list for Discord employees with access to the administrative console.
At the same time, according to journalists at BleepingComputer and researchers from VX-Underground, another previously unknown hacker group (its name has not been disclosed) claimed responsibility for this attack. Representatives of Scattered Lapsus$ Hunters confirmed this information and explained that they had interacted with this group.