Tech

Discord Confirms Data Leak from Third-Party Vendor, Core Systems and Private Chats Remain Secure

TIG SEA3 weeks ago

96 1 minute read

On October 6, 2025, Discord issued an official statement addressing a recent data breach incident that occurred on September 20. According to the company, the security breach was not the result of an attack on its own infrastructure but was instead traced back to a third-party customer support vendor that had been compromised. This breach led to unauthorized access to certain user information, prompting Discord to launch a full-scale investigation and implement additional security measures.

The exposed data includes real names, email addresses, IP addresses, and limited payment information such as payment types and the last four digits of credit card numbers. It also involved support ticket histories for some users. However, Discord emphasized that passwords, private messages, and users’ physical addresses were not affected, and the vast majority of users can continue using the platform safely without concern.

Discord has begun sending e-mails notifications about a cybersecurity incident which occurred September 20th, 2025.

It appears people who submitted support tickets are the ones primarily impacted.

Literally peoples entire identity stolen from this shit pic.twitter.com/5WlhAYbihG
— vx-underground (@vxunderground) October 3, 2025

There are also reports that a small subset of users who submitted government-issued IDs (such as passports or driver’s licenses) for identity verification might have been impacted, though no evidence suggests that this information has been misused. Following the breach, Discord immediately revoked the vendor’s access and began working closely with cybersecurity authorities to investigate and prevent future incidents.

Importantly, Discord confirmed that its core infrastructure, user database, private messages, and voice channels remain 100% secure. The company also revealed that attackers might have attempted to use the stolen data for extortion purposes, but Discord refused any demands and acted quickly to close vulnerabilities and initiate countermeasures.

Affected users will receive an email notification from noreply@discord.com detailing the type of data that may have been accessed. Discord recommends that these users monitor financial transactions, enable account alerts, and update passwords on any other services using similar login information as a precautionary measure.

Looking ahead, Discord plans to enhance its threat detection systems and strengthen security protocols for external partners to prevent similar breaches in the future. While the incident has raised concerns, the company remains committed to protecting user data and maintaining trust within its community. With over 90% market share among gamers, Discord continues to stand as the leading communication platform in the gaming world.