Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Discord Inc. data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Discord Inc.
Founded in 2015, Discord started as a way for gamers to connect via text, voice and video chat, but it has since expanded to serve a wide variety of online communities. The platform allows users to create and manage servers, participate in real-time conversations and share content within interest-based groups.
Discord is headquartered in San Francisco with nearly 2,000 employees and more than 150 million monthly active users worldwide,.
What Happened?
In late September 2025, Discord Inc. experienced a significant data breach. On Sept. 25, 2025, the company discovered that a third party had gained unauthorized access to its customer service platform through a compromised vendor device. The breach occurred between Sept. 20 and Sept. 22, 2025, before Discord was able to remove the unauthorized party from its systems.
Consumer information exposed:
Name
Address
Phone number
Email address
Discord username
Date of birth
Photo of driver’s license or other state or government-issued ID (if provided)
Limited payment information (payment type, last four digits of credit card, Discord purchase or refund history)
IP addresses
Messages and attachm
Source: https://www.claimdepot.com/investigations/discord-data-breach-2025
TPRM report: https://www.rankiteo.com/company/discord
"id": "dis1764375164",
"linkid": "discord",
"type": "Breach",
"date": "09/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Undisclosed (150+ '
'million monthly '
'active users '
'potentially at '
'risk)',
'industry': 'Social Media / Communication '
'Platform',
'location': 'San Francisco, California, '
'USA',
'name': 'Discord Inc.',
'size': '~2,000 employees',
'type': 'Technology Company'}],
'attack_vector': 'Compromised Vendor Device (Third-Party Access)',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Likely (data accessed by '
'unauthorized third party)',
'file_types_exposed': ['Text (messages), Images '
'(driver’s license '
'photos), Attachments'],
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes '
'(names, '
'addresses, '
'phone '
'numbers, '
'emails, '
'usernames, '
'dates of '
'birth, '
'IP '
'addresses)',
'sensitivity_of_data': 'High (includes '
'government-issued IDs '
'and partial payment '
'details)',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information (PII)',
'Authentication '
'Data',
'Financial Data '
'(partial)',
'Communication Data '
'(messages/attachments)']},
'date_detected': '2025-09-25',
'description': 'Discord Inc. experienced a significant data '
'breach in late September 2025, where a third '
'party gained unauthorized access to its customer '
'service platform through a compromised vendor '
'device. The breach occurred between September 20 '
'and September 22, 2025, exposing sensitive '
'personally identifiable information (PII) of '
'users, including names, addresses, phone '
'numbers, email addresses, Discord usernames, '
'dates of birth, driver’s license photos (if '
'provided), limited payment information, IP '
'addresses, and messages/attachments.',
'impact': {'brand_reputation_impact': 'Potential reputational '
'damage due to exposure of '
'sensitive user data',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['Name',
'Address',
'Phone number',
'Email address',
'Discord username',
'Date of birth',
'Photo of driver’s license or '
'government-issued ID (if '
'provided)',
'Limited payment information '
'(payment type, last four digits '
'of credit card, purchase/refund '
'history)',
'IP addresses',
'Messages and attachments'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (due to exposure of PII, '
'including government-issued '
'IDs)',
'legal_liabilities': 'Potential class-action lawsuits '
'(e.g., investigation by Shamis '
'& Gentile P.A.)',
'operational_impact': None,
'payment_information_risk': 'Moderate (limited '
'payment details exposed)',
'revenue_loss': None,
'systems_affected': ['Customer Service Platform']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'Compromised vendor '
'device',
'high_value_targets': ['Customer '
'service '
'platform data'],
'reconnaissance_period': None},
'investigation_status': 'Under investigation (third-party legal '
'firm involved)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': ['Third-party vendor '
'compromise leading '
'to unauthorized '
'access']},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Shamis & Gentile P.A. Investigation '
'Notice',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Potential '
'class-action '
'lawsuits (under '
'investigation by '
'Shamis & Gentile '
'P.A.)',
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': ['Removal of unauthorized '
'third party from systems'],
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes '
'(unauthorized '
'party removed '
'from systems '
'by Sept. 25, '
'2025)',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Unauthorized Third Party',
'title': 'Discord Inc. Data Breach (September 2025)',
'type': 'Data Breach'}