Unverified Data Breach Notice Claims Discord Exposed Over 10 Million Users
A data breach notice filed with the Maine Attorney General’s office on June 8, 2026, names Discord Inc. as the affected entity, alleging an "insider wrongdoing" incident impacting more than 10 million individuals. However, the filing contains multiple irregularities raising doubts about its legitimacy.
The notice states the breach occurred on July 9, 2024, and was discovered over a year later, on August 2, 2025. It was submitted by an individual identified as Xavier Morrison, listed as a "Data Subject / Reporter," rather than a Discord legal or security representative. The provided contact details a placeholder phone number and a personal Gmail address further undermine its credibility.
Key details remain unclear or inconsistent. The filing does not specify which personal data was exposed beyond "name or other personal identifier," and the consumer notification date is listed as January 1, 2000, a date misaligned with the reported timeline. Additionally, no identity theft protection services were offered, and the notice lacks a copy of the communication sent to affected Maine residents.
Discord’s most recent confirmed breach occurred in October 2025, when hackers stole government ID photos and private data of approximately 70,000 users via a third-party vendor. A 2023 filing reported 180 victims from another third-party breach.
Given the discrepancies including the reporter’s role, missing documentation, and unusual timestamps the notice should be treated as an unverified claim rather than confirmed evidence of a breach. Discord has not publicly acknowledged the incident, and no official statement has been issued. The Maine Attorney General’s portal, while a public reporting tool, does not independently verify submissions. Discord has been contacted for comment.
Source: https://hackread.com/maine-govt-portal-discord-data-breach-notice/
Discord cybersecurity rating report: https://www.rankiteo.com/company/discord
"id": "DIS1781007955",
"linkid": "discord",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '10000000',
'industry': 'Technology',
'name': 'Discord Inc.',
'type': 'Company'}],
'attack_vector': 'Insider Wrongdoing',
'data_breach': {'number_of_records_exposed': '10000000',
'personally_identifiable_information': 'Yes',
'type_of_data_compromised': ['Name',
'Other personal identifier']},
'date_detected': '2025-08-02',
'date_publicly_disclosed': '2026-06-08',
'description': 'A data breach notice filed with the Maine Attorney General’s '
"office on June 8, 2026, alleges an 'insider wrongdoing' "
'incident impacting more than 10 million individuals. The '
'notice contains irregularities raising doubts about its '
'legitimacy, including a placeholder phone number, personal '
'Gmail address, and inconsistent timestamps. Discord has not '
'publicly acknowledged the incident.',
'impact': {'data_compromised': 'Name or other personal identifier'},
'investigation_status': 'Unverified',
'references': [{'date_accessed': '2026-06-08',
'source': 'Maine Attorney General’s office'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
'General’s office'},
'title': 'Unverified Data Breach Notice Claims Discord Exposed Over 10 '
'Million Users',
'type': 'Data Breach'}