Discord experienced a data breach via a third-party customer service provider, compromising user data handled by its **Customer Support** and **Trust & Safety** teams. The exposed information includes **real names, Discord usernames, email addresses, contact details, IP addresses, and limited billing data** (payment type, last four digits of credit cards, and purchase history). Additionally, **messages exchanged with customer service agents** and some **internal corporate training materials** were accessed. While no full payment card details or passwords were leaked, the breach raises concerns over phishing risks and identity exposure. Discord terminated the third-party’s access, launched an investigation, and notified affected users—particularly those who submitted **government IDs for age verification**—via email from *noreply@discord.com*. The incident underscores vulnerabilities in third-party vendor security and may prompt stricter data-handling policies, especially for sensitive verification processes.
Source: https://gamerant.com/discord-data-breach/
TPRM report: https://www.rankiteo.com/company/discord
{
"id": "dis4862248100525",
"linkid": "discord",
"type": "Breach",
"date": "5/2025",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
}
{
    'affected_entities': [
        {
            'customers_affected': 'Subset of users who interacted with Customer Support or Trust & Safety teams (exact number unspecified)',
            'industry': 'Social Media / Communication Platform',
            'location': 'Global (HQ: San Francisco, California, USA)',
            'name': 'Discord Inc.',
            'type': 'Technology Company',
        }
    ],
    'attack_vector': ['Supply Chain Attack', 'Third-Party Vendor Exploitation'],
    'customer_advisories': [
        'Emails sent from noreply@discord.com to affected users, with specific notifications for those who provided government IDs for age verification.'
    ],
    'data_breach': {
        'data_exfiltration': True,
        'personally_identifiable_information': [
            'Real names',
            'Discord usernames',
            'Emails',
            'Contact details',
            'IP addresses',
            'Government IDs (for users in UK and Australia who underwent age verification)',
        ],
        'sensitivity_of_data': 'High (includes PII, partial payment details, and internal corporate data)',
        'type_of_data_compromised': [
            'Personally Identifiable Information (PII)',
            'Financial Data (partial)',
            'Corporate Data',
            'Communication Logs',
            'IP Addresses',
        ],
    },
    'date_detected': '2025-10-03',
    'date_publicly_disclosed': '2025-10-03',
    'description': 'Discord announced on October 3 that some users may have been impacted by an attack on one of its third-party customer service agencies. The breach involved data collected by the Customer Support and/or Trust & Safety teams, including real names, Discord usernames, emails, limited billing information, IP addresses, messages with customer service agents, and limited corporate data (training materials, internal presentations). Discord has removed the third-party provider’s access to the ticketing system and launched an internal investigation. Users are advised to stay alert for suspicious communications, and impacted users will receive an email from noreply@discord.com. Those who provided government IDs for age verification in the UK and Australia will be specifically notified.',
    'impact': {
        'brand_reputation_impact': [
            'Potential erosion of trust due to compromised user data, particularly for minors affected by age verification feature'
        ],
        'data_compromised': [
            'Real names',
            'Discord usernames',
            'Emails',
            'Contact details (if provided to customer support)',
            'Limited billing information (payment type, last four digits of credit cards, purchase history)',
            'IP addresses',
            'Messages with customer service agents',
            'Limited corporate data (training materials, internal presentations)',
        ],
        'identity_theft_risk': [
            'High (due to exposure of real names, usernames, emails, and partial payment details)'
        ],
        'operational_impact': [
            'Removal of third-party provider’s access to ticketing system',
            'Internal investigation launched',
        ],
        'payment_information_risk': [
            'Moderate (last four digits of credit cards and purchase history exposed)'
        ],
        'systems_affected': ['Third-party customer service ticketing system'],
    },
    'initial_access_broker': {
        'entry_point': 'Third-party customer service provider’s ticketing system',
        'high_value_targets': [
            'Customer Support data',
            'Trust & Safety team data',
            'Billing information',
            'Age verification records',
        ],
    },
    'investigation_status': 'Ongoing (internal investigation launched)',
    'ransomware': {'data_exfiltration': True},
    'recommendations': [
        'Reevaluate third-party vendor security protocols, particularly for customer support providers handling sensitive data.',
        'Enhance age verification processes to minimize data exposure risks for minors.',
        'Implement stricter access controls and monitoring for systems handling PII and payment data.',
        'Consider proactive measures such as credit monitoring or identity theft protection for affected users.',
    ],
    'references': [{'source': 'The Verge'}],
    'response': {
        'communication_strategy': [
            'Public announcement on October 3',
            'Email notifications to impacted users from noreply@discord.com',
            'Specific notifications to users who provided government IDs for age verification in the UK and Australia',
            'Advisory for users to stay alert for suspicious communications',
        ],
        'containment_measures': [
            'Removed third-party customer support provider’s access to the ticketing system'
        ],
        'incident_response_plan_activated': True,
        'remediation_measures': ['Internal investigation launched'],
    },
    'stakeholder_advisories': [
        'Users advised to monitor for suspicious communications; impacted users to receive email notifications.'
    ],
    'title': 'Discord Third-Party Customer Service Data Breach',
    'type': ['Data Breach', 'Third-Party Vendor Compromise'],
}