---
title: "Discord Users Warned After Support System Hacked, ID Docs and Emails Exposed"
date: 2025-10-07
author: "Sofia Ramirez"
featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2025/10/discord-affected-by-third-party-data-breach.jpg"
categories:
  - name: "Cybersecurity"
    url: "/cybersecurity.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# Discord Users Warned After Support System Hacked, ID Docs and Emails Exposed

A recent data breach at Discord’s customer support provider has exposed sensitive information of users who contacted the platform’s support or trust and safety teams.

## Quick Summary – TLDR:

- A ransomware attack on a third-party support vendor led to a Discord data breach
- Stolen information includes names, emails, usernames, billing info, IP addresses, and some government IDs
- No passwords, full credit card numbers, or CVV codes were compromised
- Impacted users are being contacted via official Discord email

## What Happened?

Discord [confirmed](https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service) that a **cyberattack targeting a third-party customer support provider** led to a **[data breach](https://sqmagazine.co.uk/data-breach-statistics/) affecting users who submitted support tickets**. The breach occurred around **September 20, 2025**, and allowed hackers to access a wide range of user data. Although Discord’s internal systems were not breached, the platform has launched a full investigation and is reaching out to affected individuals.

> A security incident [@discord](https://twitter.com/discord?ref_src=twsrc%5Etfw) breached government-IDs used for age verification. A very predictable outcome of this method of age determination. [pic.twitter.com/sOBnv1HiqU](https://t.co/sOBnv1HiqU)
> 
> — Christine Bannan (@ChristineBannan) [October 6, 2025](https://twitter.com/ChristineBannan/status/1975197903452061724?ref_src=twsrc%5Etfw)

 ## Attack Originated From a Third-Party Vendor

The breach was the result of a ransomware attack on a support vendor working with [Discord](https://sqmagazine.co.uk/discord-statistics/). While the identity of the attackers is still unknown, reports suggest they attempted to **extort Discord by threatening to release the stolen data**. The vendor involved is widely believed to be **Zendesk**, although this has not been officially confirmed.

Discord has clarified that **its own infrastructure was not compromised**, and that only a **limited number of users who interacted with support or trust and safety teams** were affected. The exposed data includes:

- Full names.
- Discord usernames.
- Email addresses.
- IP addresses.
- Limited billing data (like last four digits of credit cards and payment methods).
- Messages exchanged with support agents.
- Scanned government-issued IDs submitted for age verification or dispute resolution.
- Some internal corporate materials like training docs and presentations.

## Quick Response from Discord

Upon discovering the breach, Discord says it **immediately revoked the third-party provider’s system access** and began an **internal investigation** with the help of a leading computer forensics firm. The company also **notified law enforcement** and began informing affected users through emails sent from **<a>noreply@discord.com</a>**.

Discord has reassured users that **no passwords, full credit card numbers, CVV codes, or other authentication data** were compromised in the breach.

The company emphasized that it will **not contact users via phone**, and any official communication will only come through the designated email address.

## Ongoing Risks and Recommendations for Users

The breach raises significant concerns about the **risks of outsourcing sensitive operations** to third-party vendors. Industry analysts have highlighted similar vulnerabilities in recent incidents involving companies like Salesforce and Stellantis.

Affected users, particularly those who uploaded **government ID documents or payment verification details**, are now at risk of **phishing attacks and identity theft**. Discord has urged impacted individuals to:

- Stay alert for suspicious emails or messages.
- Enable **two-factor authentication** on their accounts.
- Avoid clicking on links or downloading files from unknown sources.
- Contact Discord support for further assistance if needed.

This breach follows a smaller incident in 2023 that affected nearly 200 users, suggesting that **third-party vendor oversight remains a weak link** in [cybersecurity](https://sqmagazine.co.uk/cybersecurity-statistics/).

## SQ Magazine’s Takeaway

I think this incident shows how fragile our data privacy is when companies lean too much on third-party vendors without airtight safeguards. Even if Discord’s main systems were safe, that’s little comfort to users whose **IDs and private messages** were caught up in the breach. If you’re someone who’s ever reached out to Discord support, now’s the time to check your email, double-check your account settings, and take every precaution. No one wants to see their passport or chat history end up in the wrong hands.