BREAKING: Discord has confirmed a significant data breach affecting approximately 70,000 users following unauthorized access to its third-party customer support provider, 5CA. This incident, which occurred on September 20, 2025, has raised urgent concerns about user data security on the popular chat platform.
The breach exposed sensitive user information, including names, email addresses, limited billing details, and even government ID images. This alarming development highlights an ongoing trend of rising cyberattacks targeting major platforms. Just recently, companies like Google and Dior have also reported serious breaches, underscoring the vulnerability of even the largest organizations.
According to reports, the attackers gained access to 5CA, allowing them to view information from users who had previously contacted Discord’s Customer Support or Trust & Safety teams. In some cases, government ID images provided for age verification were also compromised. Discord has clarified that no direct attack was made on its servers.
“We want to address inaccurate claims by those responsible that are circulating online,” a Discord representative stated. “This was not a breach of Discord, but rather a third-party service we use. We take our responsibility to protect your personal data seriously and understand the concern this may cause.”
Discord disclosed the breach to the public on October 3, 2025, thirteen days after the incident occurred. Since then, the company has terminated the compromised vendor’s access and launched an internal investigation with a digital forensics team. Discord is actively notifying affected users and has assured them that communication regarding the breach will only come from [email protected]. Users are warned that Discord will never contact them by phone about this incident.
In a troubling twist, reports suggest that the Scattered Lapsus$ Hunters threat group is behind the attack, having previously claimed responsibility for accessing over a billion Salesforce records and demanding ransom. The implications of this breach extend beyond Discord; it raises broader questions about the security of third-party services relied upon by major companies.
Discord has also emphasized that sensitive data such as full credit card numbers, CCV codes, account passwords, and activity outside of customer support interactions remain safe and unaffected by the breach. The company is working closely with law enforcement and relevant data-protection authorities to mitigate the impact of this incident.
For users concerned about their security following this breach, experts recommend taking immediate action. Here are some essential steps:
- Enable Two-Factor Authentication: This adds an extra layer of security when logging in.
- Review Personal Data: Consider using a personal data removal service to minimize your online footprint.
- Use Unique Passwords: A password manager can help you create and store strong, unique passwords for all your accounts.
- Monitor Accounts: Regularly check for unusual activity in your email and Discord login history.
- Be Wary of Phishing Attacks: Verify senders before clicking links or sharing personal information.
- Keep Software Updated: Ensure all devices and applications are current to protect against vulnerabilities.
The ramifications of this breach extend beyond Discord as it exemplifies the challenges faced by companies relying on third-party providers for customer support. As cyber threats evolve, businesses must enhance their security measures to safeguard personal data effectively.
What’s Next: As Discord continues its internal review and works with authorities, users are encouraged to remain vigilant. The fallout from this breach may affect other platforms as well, prompting a reevaluation of security standards across the tech industry.
Stay tuned for further updates as this story develops, and ensure your personal data is protected in the wake of this breach.
