Discord has just notified its users of a data breach that occurred a couple of weeks ago, on September 20, where hackers gained access to user information through third-party channels. Discord was not directly hacked; instead, the bad actors compromised one of its customer service providers, from which they gained access to mainly users' contact information, including email addresses and real names. This data was intended to be used as leverage to demand a financial ransom from Discord, but thankfully, the situation has now been aptly addressed.
Discord essentially has a monopoly over the video game communication market, with a market share of over 90%. It goes without saying how important it is for the giant to set a benchmark for privacy and lead by example. The company relies on third-party customer service providers, which gamers contact through the customer support and/or Trust and Safety teams. One of these providers was hacked, but Discord states that it has since severed the affected provider's access to its ticketing system and has involved law enforcement in investigating the matter.
In the breach, the hackers got access to usernames, real names, email addresses, IP addresses, "limited" billing info like payment type and the last four digits of bank cards, along with some other internal Discord training material. A select few users who provided their government-issued IDs, such as passports or driver's licenses, were also affected in the attack. Full passwords, residential addresses, or any other sensitive info seem to be safe, however. Messages shared between support and users were also compromised, but any other server chats or DMs remain untouched. Click the tweet below to see the full letter.
Discord has begun sending e-mails notifications about a cybersecurity incident which occurred September 20th, 2025.It appears people who submitted support tickets are the ones primarily impacted.Literally peoples entire identity stolen from this shit pic.twitter.com/5WlhAYbihGOctober 3, 2025
Overall, it's an isolated incident that didn't spiral into something catastrophic. Discord says that if you've been affected, you'll receive an email from noreply@discord.com detailing the following steps and informing you exactly what information was leaked. Discord highlighted its commitment to security in a blog post, mentioning that investigations into the matter have already begun and that they've reviewed their current threat detection systems and safety protocols to ensure this doesn't happen again. As always, stay vigilant.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!
