Discord Contractor Denies Role in Data Leak

5CA, a contractor providing customer support services to Discord, has denied responsibility for the recent data breach that exposed user identification documents and partial payment information.

Earlier this month, Discord confirmed a cyber incident linked to the compromise of a third-party vendor’s systems on September 20, 2025. The company stated that the affected vendor provided customer support services and that the breach impacted a “limited number of users” who had previously interacted with Discord Support or the Trust and Safety team.

Scope of the Compromise

The stolen information included:

  • Real names and Discord usernames
  • Email addresses and other contact data shared with support staff
  • IP addresses, messages, and attachments sent via support tickets
  • Partial payment data, including payment type, last four digits of cards, and related purchase history

In a smaller subset of cases, attackers also obtained photographs of identification documents—such as driver’s licenses, passports, or student IDs—submitted for age verification purposes.

Conflicting Claims

Initially, Discord withheld the vendor’s name. However, BleepingComputer later reported that attackers had exploited Zendesk, enabling them to access Discord user data. The Scattered Lapsus$ Hunters, a group combining members of Scattered Spider, LAPSUS$, and ShinyHunters, claimed responsibility and alleged they had stolen data from 5.5 million users, including 2.1 million ID document copies.

Discord later disputed these claims, stating that approximately 70,000 users might have been affected and emphasizing that its own systems were not breached. The company attributed the incident to 5CA, its customer support partner.

5CA’s Response

This week, 5CA rejected Discord’s implication, stating that none of its systems were compromised and that it does not process user identification documents for Discord.

“All our platforms and systems are secure, and customer data remains under strict control,” the company said in a statement. “Furthermore, 5CA did not process any government-issued identification documents provided by customers. Based on the preliminary investigation, we can confirm that the incident occurred outside our systems.”

5CA added that there is “no evidence that other 5CA clients, their systems, or data were affected” and suggested that human error may have played a role, though the scope remains under investigation.