Skip to content
Supply chainContained

Leak at Discord

On 4 October 2025 Discord disclosed a breach of a third-party customer-support provider that exposed support-ticket data and roughly 70,000 government-ID photos (submitted for age-verification appeals), plus names, emails, IP addresses and partial billing details.

Victim
Discord
records
70.0K

On 4 October 2025, Discord β€” the messaging and community platform β€” disclosed a data breach that did not hit its own systems but a third-party provider used to handle customer-support and Trust & Safety requests. An unauthorized party accessed the vendor's environment around 20 September 2025, exposing data belonging to users who had previously contacted Discord support.

The incident is a supply-chain compromise: the affected provider (reported as customer-service partner 5CA, which disputes any breach of its systems) processed support tickets and age-verification appeals on Discord's behalf. The most sensitive exposure involved roughly 70,000 government-ID photos β€” passports and driver's licenses submitted by users contesting age-verification decisions.

Exposed data categories included:

  • Names, Discord usernames and email addresses
  • Messages exchanged with customer support agents
  • IP addresses
  • Limited billing information (payment method, last 4 digits of the card, purchase history)
  • Government-issued ID images submitted for age-verification appeals

Discord said full credit-card numbers, CVV codes, passwords/authentication data and private user messages were not affected. A group calling itself "Scattered LAPSUS$ Hunters" claimed a far larger haul (1.5 TB and millions of IDs) and demanded a ransom; Discord called those figures false, refused to pay, revoked the attacker's access, opened an investigation with external experts and law enforcement, and began notifying affected users.

Sources

  1. next.inkhttps://next.ink/203013/discord-reconnait-une-fuite-de-donnees-personnelles-et-de-documents-internes/
  2. discord.comhttps://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service
  3. therecord.mediahttps://therecord.media/discord-government-docs-exposed-breach
  4. nbcnews.comhttps://www.nbcnews.com/tech/tech-news/70000-government-id-photos-exposed-discord-user-hack-rcna236714

Related incidents

Supply chainContained

Leak at Espace-Recettes.fr Vorwerk

In early February 2025, Vorwerk's Thermomix recipe community Espace-Recettes.fr (Rezeptwelt) was breached via a compromised third-party server, exposing names, postal addresses, emails, phone numbers, dates of birth and cooking preferences of roughly 3.3 million users across several countries.

Victim
Espace-Recettes.fr Vorwerk