What Happened
In September 2025, specifically starting on September 20, Discord suffered a data breach through its third-party customer support provider—primarily identified as Zendesk by most reports, though Discord officially named 5CA, which denied involvement—where attackers compromised a support agent’s account and maintained access for about 58 hours, exfiltrating around 1.6 terabytes of data from 8.4 million support tickets affecting approximately 5.5 million users. The exposed information included usernames, email addresses, phone numbers, IP addresses, partial payment details (such as last four digits of credit cards and payment methods for ~580,000 users), support ticket transcripts, and government-issued ID images (e.g., driver’s licenses, passports) for roughly 70,000 users submitting age verification appeals, though threat actors Scattered Lapsus$ Hunters (SLH) claimed 2 million IDs and demanded ransom, which Discord refuted. Discord’s core systems, passwords, full credit card numbers, and private messages remained unaffected; the company swiftly revoked vendor access, launched a forensics investigation, notified law enforcement and regulators, and emailed impacted users by early October 2025.
