- An attack on a third-party support provider exposed the data of Discord users who contacted Customer Support and Trust & Safety.
- Names, email addresses, IP addresses, support messages, and limited payment information were compromised, along with images of ID documents in some cases.
- Discord says its internal systems were not compromised; no passwords or full credit card numbers were leaked.
- The company revoked the provider's access, is investigating the incident, is sending notifications from [email protected], and recommends extra caution against phishing.
A cyberattack against a third-party support provider has exposed data linked to users who contacted Discord's customer support and Trust & Safety team. The intruders accessed information sent to those channels and tried to use publication of the stolen material to extort money.
The platform confirms that its main infrastructure was not compromised and that the scope is limited to interactions with the support service. The company has initiated a forensic investigation, is warning those affected and has strengthened controls over third parties to prevent similar incidents.
The incident and its scope
According to the company, the unlawful access occurred on September 20 and individual notification began in the following days. Discord notes that the impact is limited to a small number of people who previously opened tickets or contacted Trust & Safety teams.
The entry point was not a platform server but the external operator that manages part of the customer service. This episode shows how a service with good standards can be weakened by a link in the digital supply chain, where control and monitoring are more complex.
The company emphasizes that there are no indications of intrusion into its internal systems or into the contents of servers and channels outside the support scope. The accessed information corresponds to messages, attachments, and metadata sent to support, which is common when processing inquiries, complaints, or verifications.
What data was exposed

According to the information shared by the company, the fields that could have been compromised include contact details, ticket-related activity, and partial payment details. In specific cases, images of identity documents used for age verification were also allegedly exposed.
- Name and Discord username.
- Email addresses and other contact information.
- IP addresses associated with communications.
- Messages and attachments sent to support or the Trust & Safety team.
- Limited payment information: method type and last 4 digits of the card, as well as purchase history.
- A small number of images of identity documents (e.g., driver's license or passport) submitted for age-verification appeals on Discord.
- Internal-use corporate material, such as presentations or training content.
Discord emphasizes that no passwords, authentication tokens or full card numbers have been leaked, and that private messages outside of support are not part of the incident.
Discord's response and actions taken

As an immediate action, the company revoked the compromised provider's access, isolated the affected systems and launched an investigation with external cybersecurity specialists.
Communication with those potentially affected is carried out by email from the address [email protected]. The platform emphasizes that it does not contact users by phone regarding this matter and asks them to ignore suspicious messages or calls that try to take advantage of the situation.
Additionally, Discord has informed the relevant authorities and is strengthening audits and controls on third parties, with a special focus on threat detection, access management, and minimal data retention among providers.
Risks and advice for users

With the information obtained, attackers could try phishing, social engineering or impersonation of the brand to request additional data or distribute malicious links. This risk is greater when there are prior communications with support that allow for very credible messages.
Although Discord indicates that there is no need to reset your password for this incident, it is prudent to strengthen account protection and stay vigilant toward any unexpected contact.
- Enable and review two-step authentication (preferably with an authenticator app).
- Be suspicious of emails or DMs asking for data; verify that any notifications come from [email protected].
- Check your payment transactions if you use Nitro or other services, and set up activity alerts.
- If you reuse passwords, consider changing them and using a password manager for unique and robust credentials.
- Avoid forwarding or re-uploading identity documents outside of official and encrypted channels.
If you have received the notification email, it details what types of data were affected in your case. If you have not received a notice, it is still advisable to remain alert and not interact with unsolicited links or files.
The case highlights that the security of a platform also depends on its partners: a vulnerable third party can become the shortcut to attacking an entire community. Discord's reaction has been swift and transparent, but the priority now is to minimize the risk of abuse of the exposed information.
