Hackers hit Discord’s support vendor, exposing sensitive user data worldwide.
Hackers hit Discord’s support vendor, exposing sensitive user data worldwide.
Tech
3 min.Read

Discord Vendor Breach Exposes User IDs in Ransom Attack

Discord Confirms Third-Party Vendor Breach Exposed User IDs in Ransom Plot

Discord has confirmed a significant data breach affecting thousands of users after hackers compromised its third-party customer support vendor. The incident exposed sensitive user information including government ID images and triggered ransom demands from the attackers.

Key Takeaways

  • 70,000 users had government ID photos exposed
  • Breach occurred via third-party vendor 5CA on September 20
  • Scattered Lapsus$ Hunters group claimed responsibility
  • Discord has terminated the vendor relationship

How the Discord Data Breach Unfolded

The security incident occurred on September 20, 2025, when attackers gained unauthorized access to 5CA, one of Discord’s third-party customer service providers. Importantly, this was not a direct breach of Discord’s own servers but rather a compromise of their external support vendor.

The exposed data includes Discord usernames, real names, email addresses, limited billing details, IP addresses, and messages exchanged with customer service agents. Most concerningly, approximately 70,000 users globally had government ID images exposed—documents that were submitted for age verification purposes.

About 70,000 users had ID images stolen in the latest third-party data breach
About 70,000 users had ID images stolen in the latest third-party data breach. (Tiffany Hagler-Geard/Bloomberg via Getty Images)

Ransom Demands and Threat Group Involvement

Reports indicate the attackers attempted to extort money from Discord using the stolen data. Bleeping Computer identified the Scattered Lapsus$ Hunters (SLH) threat group as claiming responsibility for the attack. This same group allegedly claims access to over a billion Salesforce records and is demanding ransom for those as well.

Discord’s Response and Security Measures

Discord disclosed the incident on October 3—13 days after the breach occurred. The company has taken several decisive actions:

  • Terminated the compromised vendor’s access
  • Launched an internal investigation with digital forensics experts
  • Notified all affected users globally
  • Alerted data-protection authorities and law enforcement
  • Initiated third-party vendor security audits

A Discord representative stated: “We want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions. All affected users globally have been contacted, and we continue to work closely with law enforcement, data protection authorities and external security experts. We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause.”

Discord cuts ties with vendor 5CA and tightens its security investigations
Discord cuts ties with vendor 5CA and tightens its security investigations. (Kurt “CyberGuy” Knutsson)

6 Essential Security Steps for Affected Users

1. Enable Two-Factor Authentication

Activate 2FA on your Discord account using authenticator apps or SMS. This adds an extra verification layer that prevents unauthorized access even if your password is compromised.

2. Use Strong, Unique Passwords

Never reuse passwords across different platforms. Consider using a password manager to generate and store complex, unique passwords for each of your accounts.

3. Monitor for Suspicious Activity

Regularly check your Discord login history and email for unusual sign-in attempts. Consider identity protection services that scan the dark web for your credentials.

4. Be Wary of Phishing Attempts

Expect increased phishing emails following this breach. Verify all communications carefully—Discord will only contact you about this incident from noreply@discord.com.

5. Keep Software Updated

Ensure your operating system, apps, and antivirus software are current to protect against known vulnerabilities that attackers might exploit.

6. Consider Data Removal Services

Evaluate personal data removal services to reduce your digital footprint and make it harder for attackers to target you with personalized attacks.

The Bigger Picture: Third-Party Security Risks

This incident highlights the growing cybersecurity challenge of third-party vendor risks. As companies increasingly rely on external service providers, these vendors often become the weakest link in security chains. The Discord breach demonstrates how even robust internal security measures can be undermined by vulnerabilities in partner organizations.

The fundamental question remains: Should companies bear greater accountability for breaches originating from their third-party providers? This incident will likely fuel ongoing discussions about vendor security standards and corporate responsibility in the digital age.

Latest

Tech

Former Meta contractor Sama to lay off more than 1,000 workers in Kenya

0
Former Meta contractor Sama to lay off more than 1,000 workers in Kenya
Tech

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

0
AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back
Tech

OpenAI policy chief slams AI doomers, says we need to have more responsible conversations

0
OpenAI’s David Lehane urges responsible discussions around AI, highlighting risks of extreme narratives and stressing the need for balanced public understandi
Uncategorized

AI startup Cluely hiring engineer, says it will offer free home, food and even a partner in 1 year

0
San Francisco-based AI startup Cluely offers a unique job package including free housing, food, and a guaranteed partner after one year.
Uncategorized

WhatsApp may soon introduce business chat filtering to reduce spam

0
WhatsApp reportedly working on a new feature to reduce spam and clutter. The purported feature will help users organise business messages and keep personal chat

Topics

Business

Ex-CEO, ex-CFO of bankrupt AI company charged with fraud

0
ILEARNINGENGINES-INDICTMENT/:Ex-CEO, ex-CFO of bankrupt AI company charged with fraud
Entertainment

Avengers Doomsday: Trailer breakdown, cast, major reveals from CinemaCon

0
The Avengers: Doomsday trailer premiered at CinemaCon 2026. The upcoming film, merges X-Men into the (MCU) Marvel Cinematic Universe.
Opinion

Who the freak needs these extra MPs?

0
India doesn't need 307 more MPs to crowd a bigger chamber. What India needs at this moment is the right policies to drive growth, and not more policymakers. It
Entertainment

Sydney Sweeney, Scooter Braun make romance Insta-official. His reaction says it all

0
Actor Sydney Sweeney and music producer Scooter Braun went public with their romance on Instagram. After months of speculation, their relationship is now out in
Science

Indian summers are changing for good. They are getting longer and hotter

0
For India, where agriculture, water supply, and public health are all dependent on seasonal rhythms, the implications are significant. 
Science

Comet travelling for 2,00,000 years to be visible over India: Here’s how to see it

0
Comet C/2025 R3 (PanSTARRS), a rare long-period comet, may be visible to the naked eye this week. Learn how and when to watch it from India before it fades.
Science

We sniffed every corner of the spacecfraft: Artemis-2 astronauts had a fire scare

0
Among the most alarming incidents was a fire warning that suddenly went off during the mission. “That’ll get your attention,” the astronaut noted, emphasi
Learning

Schools in Kerala, MP and other states change timings, declare holidays amid heatwave

0
States take action to safeguard students from extreme heat
spot_img

Related Articles

Popular Categories

WorldTechBusinessEntertainmentLifestyleHealthAutoPolitics
spot_imgspot_img
Previous article
GST Reforms Spark Economic Surge with Record Festive Sales
Next article
Massive ‘No Kings’ Protests Span 50 States Against Authoritarianism