Popular social platform Discord has suffered a data breach—though technically, it wasn’t Discord itself that was hacked. A third-party customer support provider was compromised, allowing attackers to access Discord’s user data. Either way, it’s Discord users who feel the impact.

The breach, which happened on September 20, didn’t involve a direct attack on Discord’s servers. Instead, attackers gained access through a customer support partner. Criminals claimed they breached Zendesk, the help desk service Discord uses for customer support, according to reports.

Attackers stole data including real names, Discord usernames, email addresses, and other contact details provided to customer support. The breach appears to have been financially motivated and included a ransom demand.

In some cases, “limited billing information” was also taken—including payment type, the last four digits of credit card numbers, and purchase histories. Customer IP addresses and messages with support agents were also exposed.

More concerning is that some users had especially sensitive information stolen. Discord said in its advisory:

“The unauthorized party also gained access to a small number of government-ID images (e.g., driver’s license, passport) from users who had appealed an age determination. If your ID may have been accessed, that will be specified in the email you receive.”

Attacks like this show how large the fallout can be when consumer-focused services are hit.

Discord, once known mainly for gaming communities, now hosts more than 200 million monthly active users and is widely used by companies to host customer and community channels.

According to vendor risk management firm Rescana, the attackers identified themselves as Scattered Lapsu$ Hunters (SLH). BleepingComputer reported this too, but later said SLH changed its story, pointing to another group it knows and interacts with.

The problem with these kinds of groups is that they often share techniques and even members, muddying the waters.

Rescana described SLH as a coalition—combining tactics from Scattered Spider, Lapsu$, and ShinyHunters: groups known for stealing data from third-party partners like support vendors or software suppliers. The attacks relied on social engineering rather than malware.

Discord disclosed the incident 13 days later, on October 3. It has since revoked its support provider’s access, launched an internal investigation with a forensics firm, and notified affected users.

The company reminded users that any communication about the breach will come only from [email protected] and that it will never call users directly.

We don’t just report on data privacy—we help you remove your personal information

Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.