Discord Confirms Vendor Breach Exposed User IDs in Ransom Plan

In 2025, it appears that cybercriminals are winning while the world’s largest data hoarders are losing. One by one, global giants are admitting they have been breached, from tech powerhouses like Google to insurance leaders like Allianz and Farmers and even luxury brands like Dior. The latest company to report a breach is Discord. The popular chat platform confirmed that hackers gained access to a third-party customer support provider, 5CA, exposing user data including names, email addresses, limited billing details, and even government ID images.

How the breach occurred and what data was exposed

The company confirmed that the breach, which occurred on September 20, did not involve a direct attack on Discord servers. Instead, the attackers gained unauthorized access to 5CA, one of Discord’s third-party customer service providers. This allowed them to see information from users who had contacted Discord’s Customer Support or Trust & Safety teams.

Discord is a chat app used primarily by gamers, but has expanded to other communities, allowing text messages, voice chats, and video calls. Some even use it as a substitute for Slack. Currently, the platform has a monthly user base of over 200 million. The exposed data included Discord usernames, real names, emails, limited billing details such as payment type and the last four digits of credit cards, IP addresses, and messages exchanged with customer service agents. In some cases, government ID images provided for age verification were also compromised. Discord estimates that around 70,000 users worldwide may have had government ID photos exposed.

Reports suggest that the attackers attempted to use this access to demand a ransom from Discord. Bleeping Computer reported that the threat group Scattered Lapsus$ Hunters (SLH) claimed responsibility for the attack earlier this month. This is the same group that claims to have access to over a billion Salesforce records and is also demanding a ransom for them.

What Discord is doing now and what users should do next

Discord revealed the incident 13 days later on October 3. It has since cut off access to the third-party support provider, launched an internal investigation with a digital forensics team, and begun informing affected users. It also clarified that any communication regarding the breach will come only from noreply@discord.com and that it will never contact users over the phone regarding this incident. The company added that some data remained secure: full credit card numbers, CCV codes, account passwords, and activity outside of customer service conversations were not exposed.

Discord also stated that it notified the relevant data protection authorities about the breach, is working closely with the authorities, and is auditing its third-party providers to ensure they meet its enhanced security and privacy standards in the future.

A Discord representative issued a statement that read in part: “We want to address the inaccurate claims circulating online by those responsible. First, as stated in our blog post, this was not a breach by Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and are part of an attempt to extort Discord into making a payment. Of the affected accounts globally, we have identified approximately 70,000 users who may have had exposed government ID photos, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions. All affected users worldwide have been contacted and we continue to work closely with law enforcement, data protection authorities and external security experts. We protect affected systems and we finalize the work with the committed supplier. We take our responsibility to protect your personal data seriously and understand the concern this may cause.”

6 Steps You Can Take to Stay Safe After Discord Breach

If you think your data might have been leaked in the Discord data breach, here are some steps you can take to stay protected.

1) Enable two-factor authentication

Two-factor authentication (2FA) adds an extra verification step when logging in, making it much harder for attackers to access your account even if they have your password. Discord supports 2FA via authenticator apps or SMS. Once enabled, you will receive a code every time you sign in from a new device. This simple step can prevent account takeover and give you peace of mind.

2) Consider a personal data removal service

The less information available about you, the harder it is for attackers to target you. Review what personal data you have shared online and remove unnecessary data from websites and apps. A personal data removal service can help remove your information from data broker sites, making it harder for attackers to connect the dots and launch identity theft or phishing attacks.

While no service promises to remove all of your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites on an ongoing basis over a longer period of time.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

3) Use strong, unique passwords for all accounts

Password reuse across platforms makes it easier for attackers to access multiple accounts if one password is compromised. A password manager can generate long, complex passwords and store them securely, so you don’t have to remember them all. This not only protects your Discord account but also your email, banking, and other online services.

Next, check to see if your email has been exposed in previous breaches. Our number one password manager (see Cyberguy.com) includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

4) Monitor accounts for suspicious activity

Even if you don’t see immediate signs of compromise, attackers may try to exploit the stolen data later. Periodically review your email and Discord login history for unusual logins. Services like identity theft protection can scan the dark web for your credentials and alert you immediately if they appear, helping you react quickly before serious damage is done.

Identity theft protection companies can monitor personal information such as your Social Security number (SSN), phone number, and email address and alert you if any of it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best options on how to protect yourself from identity theft at Cyberguy.com.

5) Be careful with emails, messages or links and use powerful antivirus software

Phishing attacks typically increase after breaches. Attackers may send messages that look like official notifications asking you to reset your password or provide personal information. Always verify the sender, avoid clicking on unknown links, and never share sensitive information. Treat every unexpected message as suspicious, even if it appears to come from Discord or another trusted service.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

6) Keep devices and software up to date

Attackers often exploit outdated software and known vulnerabilities. Make sure your operating system, applications, and antivirus software are up to date.

Kurt’s Key Takeaway

If recent breaches are any indication, the third-party services that businesses rely on are often the weakest link in cybersecurity. Discord’s measures to contain the situation are necessary, but they highlight a larger problem. Many companies do not implement sufficient security measures to protect sensitive user data. Weak oversight of third-party vendors, delayed responses, and inadequate security policies leave personal information exposed and vulnerable to attackers.

Should companies be more responsible for breaches caused by third-party vendors? Let us know by writing to us at Cyberguy.com

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.
