Hackers claim Discord breach exposed data of 5.5 million users

The Discord Breach: What Happened and What Users Need to Know

In October 2025, Discord disclosed a significant data breach that affected users who had interacted with its customer support and Trust & Safety teams. While the company initially reported that approximately 70,000 users may have had sensitive data like government ID photos exposed, hackers claimed to have stolen data belonging to 5.5 million users. This discrepancy has sparked concern and confusion. Discord has stated that the breach was not a direct attack on its platform but rather a compromise of a third-party customer service provider, 5CA.

The attackers accessed a ticketing system used by Discord's support team, gaining access to messages, usernames, email addresses, and in some cases, limited billing information and government ID images submitted for age verification. Discord has since revoked the provider's access, launched an investigation with a forensics firm, and is working with law enforcement.

Not a Discord Breach, but a Third-Party Incident

Discord has been adamant that its own systems were not breached. Instead, the attack targeted a third-party customer service provider, 5CA. This is a common vector for data breaches, where attackers exploit the weakest link in a supply chain. The unauthorized party gained access to Discord's support ticketing system through social engineering, not by exploiting a vulnerability in Discord's own code. This distinction is important: Discord's core messaging and authentication systems remained secure. However, users who had contacted support had their data exposed. The incident highlights the risks of data sharing with third parties and the need for stringent vendor security audits.

Sensitive Data Exposed: IDs, Billing Info, and More

The breach exposed a range of user data, primarily from those who had communicated with Discord's Customer Support or Trust & Safety teams. The compromised data includes:

  • Names, Discord usernames, email addresses, and other contact details provided to support
  • Limited billing information such as payment type, the last four digits of the credit card, and purchase history
  • IP addresses
  • Messages exchanged with support agents
  • Government ID images for approximately 70,000 users who appealed age determinations

Notably, passwords, full credit card numbers, and private messages between users were not compromised. The ID photos are particularly concerning, as they can be used for identity theft. Discord has stated it will notify affected users via email from 'noreply@discord.com'.

Hackers' Claims: 5.5 Million Versus 70,000

The hackers, reportedly a group known as Scattered Lapsus$ Hunters (SLH), claimed to have stolen data on 5.5 million users, far exceeding Discord's acknowledged impact of about 70,000. They also claimed to have 1.5 terabytes of data. Discord has dismissed these claims as 'incorrect and part of an attempt to extort a payment.' However, security experts note that the actual number of affected users could be larger if the attackers accessed a broader range of support tickets. Discord has not provided a detailed breakdown, leaving some uncertainty. Users should remain vigilant and consider whether they have contacted Discord support in the past.

Who Are the Hackers?

The group is described as a coalition combining tactics from Scattered Spider, Lapsus$, and ShinyHunters. They rely on social engineering rather than malware, targeting third-party vendors to get to larger targets. This is a growing trend in cybercrime, bypassing hardened defenses by going after less secure partners.

Discord's Response: Quick Action and Next Steps

Discord acted swiftly upon discovering the breach. It revoked the third-party provider's access, launched an internal investigation with expert forensics support, and engaged law enforcement. The company also notified relevant data protection authorities and is in the process of contacting affected users. Discord has assured users that it will not contact them by phone and that official communications come only from 'noreply@discord.com'. For users not affected, no action is required. However, Discord recommends that all users remain cautious of suspicious messages or emails.

Lessons for Users: How to Protect Yourself After a Breach

This incident serves as a reminder that even if a platform itself is secure, third-party integrations can be vulnerable. Here are steps users can take:

  • Watch for phishing attempts: Be wary of unexpected emails or messages claiming to be from Discord, especially those asking for personal information.
  • Use unique passwords: Choose a password you do not reuse elsewhere, and enable two-factor authentication on your Discord account.
  • Review support interactions: If you have shared sensitive data with Discord support, be extra cautious about identity theft.
  • Monitor financial accounts: Although full credit card numbers were not exposed, limited billing info could be used in targeted attacks.

Discord has stated it will no longer use the compromised system for age verification and has moved to dedicated vendors like k-ID and Persona. The company also says it will delete government ID images after verification to minimize future risk.

The Bigger Picture: Third-Party Risk and Data Privacy

This breach underscores the growing challenge of third-party risk in the digital ecosystem. Companies like Discord can have strong internal security, but a single vendor with weak controls can expose millions of users. The incident also reignites debates about age verification systems, which require collection of sensitive biometric data. Digital rights activists warn that such systems create honeypots for attackers. For users, the takeaway is to be judicious about the information they share with any online service, especially sensitive IDs. As Discord and other platforms continue to evolve their security practices, this event will likely influence how they vet and manage third-party vendors going forward.