Overview
- The September 20 intrusion targeted a vendor customer service system, affecting a limited set of people who contacted Discord’s Customer Support or Trust & Safety teams.
- Exposed details may include names, usernames, emails, contact information, IP addresses, support messages and attachments, limited billing data such as payment type and last four card digits, and a small number of government‑ID images tied to age‑verification appeals.
- Discord says its core systems were not accessed and confirms the attackers attempted to extort a ransom.
- The company revoked the provider’s access, brought in an external forensics firm, notified data protection authorities, and is working with law enforcement.
- Email notifications are being sent from noreply@discord.com and will note if an ID was involved; Discord has not disclosed the vendor or user count, though a threat group has claimed responsibility and some reporting links the breach to a Zendesk instance.