Discord Confirms Data Breach: What Was Exposed and Who’s Affected

Discord Hack: IDs, Emails, and IPs Exposed




Discord disclosed that an unauthorized party compromised one of its third‑party customer service providers, not Discord’s own production systems, in an incident discovered after activity on September 20, 2025.

The attackers accessed data from support ticket workflows and attempted to extort Discord financially, prompting containment, investigation, and law‑enforcement engagement by the company.



Data tied to a subset of users who interacted with Discord’s Customer Support or Trust & Safety teams was exposed, including real names, Discord usernames, email addresses, and other contact details provided in tickets.

Additional exposed fields include IP addresses, messages and attachments exchanged with support, payment type, and the last four digits of associated credit cards, while full card numbers were not included.

A “small number” of government ID images submitted for age‑verification appeals, such as driver’s licenses or passports, were also accessed, raising the risk of identity misuse for those affected.



Only people who contacted Discord’s Customer Support or Trust & Safety are within scope of this breach, including some non‑account holders who used those channels, while general DMs and server chats were not accessed.

Discord says passwords and full credit card numbers were not taken, and the company is emailing directly impacted individuals with specifics, including whether an ID image was involved.




Discord’s response

Discord revoked the vendor’s access to its ticketing systems, launched an internal probe with a forensics firm, and notified law enforcement after detecting the intrusion.

The company says it is auditing third‑party systems more frequently and is providing targeted notifications and guidance to affected users via email.


Immediate steps for users

Watch for targeted phishing leveraging ticket details, and treat any unexpected messages requesting credentials or payment confirmations as suspicious given the exposure of contact and ticket content data.

Enable two‑factor authentication on Discord and associated email accounts to reduce account‑takeover risk, and review recent login activity and connected apps for anomalies.

If an ID image was submitted for age verification and flagged in Discord’s notice, consider heightened monitoring for identity misuse and follow Discord’s email guidance on next steps.


Rotate exposed or potentially exposed webhooks, review bot tokens, and audit OAuth app permissions, as webhook abuse and token leakage are common attack vectors in Discord ecosystems.

Re‑issue invite links as needed and avoid publishing permanent or high‑privilege links, since invite‑link weaknesses can be abused for multi‑stage phishing and malware delivery campaigns.
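
Rotating webhooks and reviewing bot tokens starts with knowing where those secrets are stored. The Python sketch below is an added example, not code from Discord or from the original article: it scans text such as config files for Discord webhook URLs and bot-token-shaped strings, and confirms a token candidate by checking that its first segment base64-decodes to a numeric ID. The regular expressions, the `scan` and `bot_id` names, and the sample input are assumptions constructed for illustration.

```python
import base64
import re

# Webhook URL shape: https://discord.com/api/webhooks/<id>/<token>, including
# the legacy discordapp.com host and the ptb./canary. client subdomains.
WEBHOOK_RE = re.compile(
    r"https://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/(?:v\d+/)?"
    r"webhooks/(\d{17,20})/([A-Za-z0-9_-]+)")
# Heuristic (assumption): a bot token is three dot-separated base64url segments.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_-])([A-Za-z0-9_-]{23,28})\.([A-Za-z0-9_-]{6,7})"
    r"\.([A-Za-z0-9_-]{27,})")

def bot_id(segment):
    """Return the numeric ID a token's first segment decodes to, else None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        text = base64.urlsafe_b64decode(padded).decode("ascii")
    except ValueError:  # bad base64 or non-ASCII bytes: not a token
        return None
    return text if text.isdigit() and 17 <= len(text) <= 20 else None

def scan(text, source="<input>"):
    """List findings with secrets redacted, so the report itself is safe to share."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in WEBHOOK_RE.finditer(line):
            findings.append({"source": source, "line": lineno, "kind": "webhook",
                             "id": m.group(1), "secret": m.group(2)[:4] + "..."})
        for m in TOKEN_RE.finditer(line):
            owner = bot_id(m.group(1))
            if owner:  # drops token-shaped strings such as build IDs
                findings.append({"source": source, "line": lineno, "kind": "bot_token",
                                 "id": owner, "secret": m.group(1)[:4] + "..."})
    return findings

# Constructed sample input: every value below is fake.
FAKE_TOKEN = (base64.urlsafe_b64encode(b"123456789012345678").decode().rstrip("=")
              + ".XXXXXX." + "x" * 27)
SAMPLE = "\n".join([
    "# constructed config file",
    "ALERT_HOOK=https://discord.com/api/webhooks/111111111111111111/" + "A" * 68,
    "BOT_TOKEN=" + FAKE_TOKEN,
    "BUILD_ID=" + "a" * 24 + ".bbbbbb." + "c" * 27,  # token-shaped, not a token
])

if __name__ == "__main__":
    for finding in scan(SAMPLE, "sample.env"):
        print(finding)
```

Each finding carries the webhook or bot ID, which identifies the credential that needs rotating without repeating the secret in the report.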


The incident occurred on September 20, 2025, and Discord disclosed details publicly on October 2–3, 2025, with ongoing notifications to impacted users and continued investigation.

Expect further updates as law enforcement and forensic work proceed, and as Discord tightens controls and audits across third‑party support integrations.


While Discord’s core platform wasn’t breached this time, the episode underscores the systemic risk of third‑party support stacks that process sensitive user data and ID documents.

The event also lands amid broader security concerns on Discord, where attackers have historically abused webhooks, invites, and CDN hosting to blend malicious operations into trusted traffic patterns.


