Discord Data Breach Hackers Access IDs, Billing Details and Support Chats
Discord issued an official update on October 3, 2025, explaining that an attacker successfully compromised the systems of a third-party customer service provider (apparently Zendesk), gaining unauthorized access to the support agent’s ticket queue, where sensitive customer data was stored. The company emphasized that its own main systems were not directly breached. Investigators found the attacker’s primary goal was to demand a financial ransom from Discord.
The exposed data belongs only to users who had recently contacted Discord’s Customer Support or Trust & Safety teams. This highly sensitive information includes: names, Discord usernames, email addresses, and other contact details; the actual messages exchanged with customer service agents; and limited billing details, specifically the payment method and the last four digits of a credit card number. Perhaps the most alarming detail is that the attacker also gained access to a small number of government-issued ID images, such as driver’s licenses or passports, submitted by users for age verification appeals. The exposure of these high-risk documents significantly increases the danger of identity theft for the affected individuals.
Although at the time of writing, it remains unclear who is behind the Discord data breach. However, “Scattered Lapsus$ Hunters,” a coalition that combines the tactics and branding of Scattered Spider, Lapsu$, and ShinyHunters, is taking responsibility for the cyber attack. The group has shared screenshots on Telegram that appear to show access to Discord’s internal tools, including data privacy dashboards and administrative resources, alongside mocking messages aimed at the company. In their posts, the hackers dismissed Discord’s security measures, such as disabling Okta and Kolide logins, claiming these steps would not prevent further intrusions. They also revealed details like the alleged internal network name “SLHM” and threatened to publish additional stolen material on their “Data Leak Site” (DLS). The attackers further taunted Discord by boasting about their financial gains and suggesting they had far more data than what had already been leaked.
To read the complete article see: HACKREAD
:warning: Apply for our next conference in Kuala Lumpur on December 9th and 10th, 2025 at Rise Malaysia with the passcode: “6f&%dX”, no quotes.