Discord breach exposes user data through third-party provider hack

In 2025, it looks like the cybercriminals are winning while the world’s biggest data hoarders are losing. One by one, global giants are admitting that they have been hacked by the forces of technology Like Google For insurance companies like Allianz and Farmers and even luxury brands like Dior. The latest company to report the breach is Discord. The popular chat platform has confirmed that hackers gained access to third-party customer support provider, 5CA, Reveal user data Including names, email addresses, limited billing details, and even government ID photos.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

Major companies, including GOOGLE and DIOR, suffered a massive sales force data breach

Hackers have hit a Discord support vendor, exposing sensitive user data around the world. (Phil Parker/Future Publishing via Getty Images)

How did the hack happen and what data was exposed

The company confirmed that the September 20 hack did not involve a direct attack on Discord servers. instead of, The attackers gained unauthorized access To 5CA, one of Discord’s third-party client service providers. This allowed them to view information from users who contacted Discord’s customer support or trust and safety teams.

Discord is a chat app primarily used by gamers, but it has expanded to include various other communities, allowing text messaging, voice chats, and video calls. Some even use it as an alternative to Slack. The platform currently has a monthly user base of over 200 million. The exposed data included Discord usernames, real names, emails, limited billing details such as payment type, last four credit card digits, IP addresses, and messages exchanged with customer service agents. In some cases, government ID photos provided for age verification were also hacked. Discord estimates that about 70,000 users globally may have been exposed to government ID images.

Reports indicate that attackers attempted to use this access to demand ransom from Discord. The threat group Scattered Lapsus$ Hunters (SLH) claimed responsibility for the attack earlier this month, Bleeping Computer reported. This is the same group that claims to have access to over a billion Salesforce records and is demanding ransom for those as well.

Jeep and Chrysler parent Stellantis confirm a data breach occurred

About 70,000 users had their identity photos stolen in the latest third-party data breach. (Tiffany Hagler-Gerd/Bloomberg via Getty Images)

What Discord does now and what users should do next

Discord revealed the incident 13 days later, on October 3. It has since cut off the third-party support provider’s access, initiated an internal investigation with its digital forensics team and begun notifying affected users. She also clarified that any communication about the breach would only come from noreply@discord.com and that she would never contact users via phone regarding this incident. The company added that some data remained safe: full credit card numbers, CCV codes, account passwords, and activity outside of customer support conversations were not revealed.

Discord also said that it has notified the relevant data protection authorities about the breach, is working closely with law enforcement, and is reviewing third-party vendors to ensure they meet its enhanced security and privacy standards going forward.

A Discord representative issued a statement saying in part: “We want to address inaccurate claims by administrators that are circulating online. First, as stated in our blog post, this was not a Discord breach, but rather an external service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort payment from Discord. Among Affected Accounts Globally, we identified approximately 70,000 users whose government ID photos were exposed, which our vendor used to review age appeals. Third, we will not reward those responsible for their illegal actions. All affected users globally have been contacted, and we continue to work closely with law enforcement, data protection authorities and external security experts. We have secured the affected systems and terminated work with Hacked seller. We take our responsibility to protect your personal data very seriously and understand the concern this may cause.”

Discord is cutting ties with vendor 5CA and tightening its security investigations. (Kurt “CyberGuy” Knutson)

6 steps you can take to stay safe after a Discord hack

If you think your details may have been leaked in a Discord data breach, here are some steps you can take to stay protected.

1) Enable two-factor authentication

Two-factor authentication (2FA) It adds an extra verification step when you log in, making it harder for attackers to access your account even if they have your password. Discord supports two-factor authentication via authentication apps or SMS. Once enabled, you’ll receive a code every time you log in from a new device. This simple step can prevent account takeovers and give you peace of mind.

2) Consider a personal data removal service

The less information there is about you, the more difficult it is for attackers to target you. Review the personal details you have shared online and remove unnecessary data from websites and apps. A depersonalization service can help scrub your information from data broker sites, making it more difficult for attackers to connect the dots and launch identity theft or phishing attacks.

Although no service promises to remove all your data from the Internet, getting a removal service is great if you want to continuously monitor and automate the process of removing your information from hundreds of sites over a longer period of time.

Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com

Get a free check to see if your personal information is already on the web: Cyberguy.com

3) Use strong, unique passwords for all accounts

Reusing passwords across platforms makes it easier for attackers to access multiple accounts if a single password is compromised. A password manager can generate long, complex passwords and store them securely, so you don’t have to remember them all. This protects not only your Discord account, but also your email, banking, and other online services.

Next, check if your email has been exposed in previous breaches. Our #1 password manager (see Cyberguy.com) Choice includes a built-in penetration scanner that checks if your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

4) Monitor accounts for any suspicious activity

Even if you don’t see immediate signs of compromise, attackers may try to exploit stolen data later. Regularly check your email and Discord login history for unusual logins. Services like Identity Theft Protection can scan the dark web for your credentials and immediately alert you if they appear, helping you respond quickly before serious damage occurs.

Identity theft companies can monitor personal information such as your Social Security number (SSN), phone number, and email address and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.
Check out my tips and top picks on how to protect yourself from identity theft at Cyberguy.com

5) Be careful with emails, messages or links and use strong antivirus software

Phishing attacks often spike after hacks occur. Attackers may send messages that look like official notices asking you to reset your password or provide personal information. Always check the sender, avoid clicking on unknown links and never share sensitive information. Treat every unexpected message as suspicious, even if it appears to be coming from Discord or another trusted service.

The best way to protect yourself from malicious links that install malware, and potentially access your private information, is to install strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for Windows, Mac, Android, and iOS at Cyberguy.com

6) Keep hardware and software up to date

Attackers often exploit outdated software and known vulnerabilities. Make sure your operating system, applications, and antivirus software are up to date.

CLICK HERE TO GET THE FOX NEWS APP

Key takeaway for Kurt

If recent breaches are any indication, the third-party services that companies rely on are often the weakest link in cybersecurity. Discord’s steps to contain the situation are necessary, but they highlight a larger problem. Many companies do not implement adequate safeguards to protect sensitive user data. Poor oversight of third-party service providers, delayed responses, and inadequate security policies leave personal information exposed and vulnerable to attackers.

Should companies bear greater liability for breaches caused by third-party providers? Let us know by writing to us at Cyberguy.com

Sign up for my free CyberGuy report

Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.