Discord, a communication platform with over 200 million users, suffered a data breach via a third-party customer service provider. The hackers accessed a limited number of users' data, including those who had interacted with Discord’s Customer Support or Trust & Safety teams. Compromised information may include names, Discord usernames, emails, contact details, partial billing data (last four digits of credit cards, payment type, purchase history), IP addresses, messages with support agents, and a small number of government-ID images (e.g., driver’s licenses, passports) from age-verification appeals. While full credit card numbers, CVVs, passwords, authentication data, and general Discord activity/messages remained secure, the breach was conducted for financial extortion. Discord revoked the vendor’s access, launched an investigation, involved forensics experts, and engaged law enforcement to mitigate the incident.
TPRM report: https://www.rankiteo.com/company/zyper.
"id": "zyp3792137100525",
"linkid": "zyper.",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'limited number (users who '
'contacted customer support or '
'Trust & Safety teams)',
'industry': 'technology / social media',
'location': 'global (HQ: San Francisco, California, '
'USA)',
'name': 'Discord',
'size': '200+ million users',
'type': 'communication platform'}],
'attack_vector': 'third-party vendor compromise (customer service provider)',
'customer_advisories': ['public blog post acknowledging breach and data types '
'exposed'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['text (emails, messages)',
'images (IDs)',
'documents (training materials, '
'presentations)'],
'number_of_records_exposed': 'limited (exact number '
'undisclosed)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes PII and government '
'IDs)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'payment information (partial)',
'communication logs',
'corporate documents',
'government-issued IDs']},
'description': 'Discord confirmed that its user data was compromised during a '
'third-party customer service hack. The breach impacted a '
'‘limited number’ of users who had communicated with the '
"company's customer support team. Hackers accessed data via "
'one of Discord’s third-party customer service providers, '
'aiming to extort a financial ransom. Compromised data '
'includes names, Discord usernames, emails, limited billing '
'information, IP addresses, messages with customer service '
'agents, and a small number of government-ID images (e.g., '
'driver’s licenses, passports).',
'impact': {'brand_reputation_impact': 'potential trust erosion due to '
'third-party breach and exposure of '
'sensitive user data',
'data_compromised': ['names',
'Discord usernames',
'email addresses',
'contact details (if provided to customer '
'support)',
'limited billing information (payment type, '
'last four digits of credit card, purchase '
'history)',
'IP addresses',
'messages with customer service agents',
'limited corporate data (training materials, '
'internal presentations)',
'government-ID images (e.g., driver’s '
'licenses, passports) from age-determination '
'appeals'],
'identity_theft_risk': 'moderate (PII and government IDs exposed)',
'operational_impact': 'revoked third-party access, internal '
'investigation, forensic support engagement',
'payment_information_risk': 'low (only last four digits of credit '
'cards; full numbers and CVV secure)',
'systems_affected': ['third-party customer service ticketing '
'system']},
'initial_access_broker': {'entry_point': 'third-party customer service '
'provider',
'high_value_targets': ['user PII',
'payment data',
'government IDs']},
'investigation_status': 'ongoing (with forensic firm and law enforcement)',
'motivation': 'financial extortion',
'post_incident_analysis': {'root_causes': ['third-party vendor security '
'vulnerability']},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Discord Official Blog'}],
'response': {'communication_strategy': ['public blog post',
'user notifications (likely)'],
'containment_measures': ['revoked third-party access to '
'ticketing system'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['internal investigation',
'forensic analysis'],
'third_party_assistance': ['leading computer forensics firm']},
'threat_actor': 'unauthorized party (motivated by financial extortion)',
'title': 'Discord Third-Party Customer Service Data Breach',
'type': ['data breach', 'third-party breach', 'extortion attempt']}