Hackers Steal Discord Users’ Data and Identification Documents
Hackers have stolen payment information and personal data—including real names and identification documents—of several Discord users. The breach occurred on September 20, 2025, and has been linked to the compromise of a third-party vendor providing customer support services to the company.
Discord’s Response
Discord representatives publicly acknowledged the incident, stating that they immediately isolated the compromised vendor from their ticketing system and launched an internal investigation.
According to the company, the breach affected a “limited number of users” who had interacted with Discord or Trust and Safety support staff.
“The measures taken included revoking the customer support vendor’s access to our ticketing system, launching an internal investigation, engaging a leading digital forensics firm to support our investigation and remediation efforts, and contacting law enforcement,” Discord said in an official statement.
Data Compromised
The exposed information includes the following:
- Users’ real names and nicknames
- Email addresses and other contact details shared with support staff
- IP addresses, messages, and attachments sent to the support service
- Partial payment data (payment type, last four digits of the credit card, and purchase history associated with the compromised account)
More concerningly, the attackers gained access to photographs of identification documents—such as driver’s licenses and passports—belonging to a small subset of users who had provided them for age verification.
Ongoing Investigation
The exact number of affected users and the identity of the compromised vendor remain undisclosed.
However, sources cited by BleepingComputer suggest that the attack involved a breach of Zendesk, allowing hackers to steal Discord user data.
A hacker collective calling itself Scattered Lapsus$ Hunters—an alliance of members from the Scattered Spider, LAPSUS$, and Shiny Hunters groups—has claimed responsibility for the breach. The group published screenshots allegedly showing a Kolide access control list for Discord employees with admin console privileges.
At the same time, BleepingComputer and researchers from VX-Underground reported that another, previously unknown hacker group (name undisclosed) has also claimed involvement.
Scattered Lapsus$ Hunters confirmed these reports, stating that they had interacted with the second group during the attack.
Editorial Note
The information presented in this article is for journalistic and educational purposes only. Red Dog Security does not endorse or promote unauthorized access to computer systems or data. The described incidents are analyzed solely to raise awareness of cybersecurity risks and best practices for protection.
