Redazione RHC : 4 October 2025 15:53
A third-party customer service provider was compromised by hackers, who gained access to partial payment information and personally identifiable information for some Discord users. The attack, which occurred on September 20, affected a limited number of users who had contacted Discord customer support and/or the Trust and Safety teams.
The messaging company, in the notification sent to affected users, specifies that the attack occurred on September 20 and that “an unauthorized individual gained restricted access to a third-party customer support system used by Discord.”
Originally conceived as a means of communication for video game enthusiasts, who make up more than 90% of its registered users, Discord has evolved into a versatile platform welcoming diverse communities, offering the ability to exchange text messages, hold conversations through voice chat, and make video calls.
On Friday, Discord made the incident public, saying it had taken immediate action to isolate the support provider from its ticketing system and launched an investigation. “This includes revoking the customer support provider’s access to our ticketing system, launching an internal investigation, hiring a leading digital forensics firm to support our investigation and remediation efforts, and engaging law enforcement.”
The attack appears to be financial in nature, as the hackers demanded payment from Discord to keep the stolen information private. According to the platform’s statistics, more than 200 million people use Discord every month.
The leaked information includes personally identifiable information, such as real names and usernames, email addresses, and additional contact information provided to the support team. The social media service announced that IP addresses, messages, and attachments exchanged with customer service agents were also compromised. Hackers also accessed photos of government-issued IDs (driver’s licenses, passports) for a limited number of users.
To date, the number of affected Discord users remains uncertain, and the name of the third-party vendor or access vector has not been disclosed. It’s important to note that numerous companies have had their Salesforce instances compromised following the ShinyHunters extortion group’s intrusion, which leveraged stolen OAuth tokens from Salesloft and Drift to gain access.
Redazione